Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
End of Year Accounting for The Estate of Janet Delesanti-2.pdf

Overview

General Information

Sample name:End of Year Accounting for The Estate of Janet Delesanti-2.pdf
Analysis ID:1580457
MD5:c37012ba15a5dd1c1ae109d07c4e6417
SHA1:752014043e65f3bc49704cdae2a9e26a0a6fa82a
SHA256:7a4fc14999cc545e5fc14502b74ee87e3d50b33c531eef64c6c531952f6f8394
Infos:

Detection

Score:4
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Drops files with a non-matching file extension (content does not match file extension)
Potential document exploit detected (performs DNS queries)
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w11x64_office
  • Acrobat.exe (PID: 1476 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\End of Year Accounting for The Estate of Janet Delesanti-2.pdf" MD5: 4354BCD7483AABB81809350484FFD58F)
    • AdobeCollabSync.exe (PID: 8232 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 1C26C611BFACED153F60CB1653A8745D)
      • AdobeCollabSync.exe (PID: 8280 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8232 MD5: 1C26C611BFACED153F60CB1653A8745D)
        • FullTrustNotifier.exe (PID: 9092 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)
    • AcroCEF.exe (PID: 8532 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: B104218348848F1F113AF11C0982931A)
      • AcroCEF.exe (PID: 8836 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1652,i,9816887814325324639,16998118217230622433,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: B104218348848F1F113AF11C0982931A)
    • adobe_licensing_wf_acro.exe (PID: 8048 cmdline: 8088 MD5: D54E48D4768DA60C8C28AF49D2862EE7)
      • adobe_licensing_wf_helper_acro.exe (PID: 2500 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=1512 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:2 MD5: 655A56A11FF0E2F0A6078D9DC2A79461)
      • adobe_licensing_wf_helper_acro.exe (PID: 8860 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=1912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:8 MD5: 655A56A11FF0E2F0A6078D9DC2A79461)
      • adobe_licensing_wf_helper_acro.exe (PID: 8908 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --first-renderer-process --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=5260462015 --mojo-platform-channel-handle=2180 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1 MD5: 655A56A11FF0E2F0A6078D9DC2A79461)
      • adobe_licensing_wf_helper_acro.exe (PID: 6160 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=5261158621 --mojo-platform-channel-handle=2268 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1 MD5: 655A56A11FF0E2F0A6078D9DC2A79461)
      • adobe_licensing_wf_helper_acro.exe (PID: 9408 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=2400 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:2 MD5: 655A56A11FF0E2F0A6078D9DC2A79461)
      • adobe_licensing_wf_helper_acro.exe (PID: 9688 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --launch-time-ticks=5279044279 --mojo-platform-channel-handle=2912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1 MD5: 655A56A11FF0E2F0A6078D9DC2A79461)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: srtb.msn.com
Source: global trafficDNS query: name: assets.msn.com
Source: global trafficDNS query: name: tse1.mm.bing.net
Source: global trafficDNS query: name: ims-na1.adobelogin.com
Source: global trafficDNS query: name: res.public.onecdn.static.microsoft
Source: global trafficDNS query: name: assets.msn.com
Source: global trafficDNS query: name: c.pki.goog
Source: global trafficDNS query: name: aefd.nelreports.net
Source: global trafficDNS query: name: x1.c.lencr.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: srtb.msn.com
Source: global trafficDNS traffic detected: DNS query: assets.msn.com
Source: global trafficDNS traffic detected: DNS query: tse1.mm.bing.net
Source: global trafficDNS traffic detected: DNS query: ims-na1.adobelogin.com
Source: global trafficDNS traffic detected: DNS query: res.public.onecdn.static.microsoft
Source: global trafficDNS traffic detected: DNS query: c.pki.goog
Source: global trafficDNS traffic detected: DNS query: aefd.nelreports.net
Source: global trafficDNS traffic detected: DNS query: x1.c.lencr.org
Source: AdobeCollabSync.exe, 00000006.00000003.12906410227.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12744361459.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12610599667.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12544927311.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12921164988.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12706103173.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12598102374.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12624482939.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12584407626.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12678940161.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12780995225.000001C3B1AFA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12041204194.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12382005306.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12652084595.000001C3B1AFA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000002.13035817304.000001C3B1AFA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12725582402.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12762628925.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12868364536.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12572408933.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12346583614.0000021A33CF9000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11951333988.0000457601C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12351535245.00004576023AC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11951900795.0000457600C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12181978104.00002C36025AC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11947315564.00002C3600C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11947130774.00002C3601E04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://css3pie.com
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://e5.i.lencr.org/
Source: adobe_licensing_wf_acro.exe, 0000000E.00000003.12325865497.0000021A33D46000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33D26000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://e5.o.lenc
Source: adobe_licensing_wf_acro.exe, 0000000E.00000003.12325865497.0000021A33D46000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33D26000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://e5.o.lenc_
Source: adobe_licensing_wf_acro.exe, 0000000E.00000003.12325865497.0000021A33D46000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33D26000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://e5.o.lencr.org1.3.6.1.5.5.7.48.2http://e5.i.lencr.org/
Source: adobe_licensing_wf_acro.exe, 0000000E.00000003.12325865497.0000021A33D46000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33D26000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://e5.o.lencr.org1.3.6.1.5.5.7.48.2http://e5.i.lencr.org/gC
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12311362860.0000020B216C3000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12179993294.0000020B216C2000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12155929004.0000020B216C2000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12184881547.0000020B216C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.w
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12318083316.000001D86D0D2000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12149381573.00000202E9802000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12353883388.000045760260C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11951333988.0000457601C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11968222782.00004576023BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11964838628.00002C36025BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11947130774.00002C3601E04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12176375920.00002C3600A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jquery.com/
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11986714713.0000457601204000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12353883388.000045760260C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11951333988.0000457601C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11968222782.00004576023BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11964838628.00002C36025BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11947130774.00002C3601E04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12176375920.00002C3600A0C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11970754643.00002C3601204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jquery.org/license
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11994239661.00004576026A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11978400087.00002C3600AA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12245592951.00001D16009DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://lists.w3.org/Archives/Public/public-svg-wg/2008JulSep/0347.html
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11986714713.0000457601204000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12353883388.000045760260C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11951333988.0000457601C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11968222782.00004576023BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11964838628.00002C36025BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11947130774.00002C3601E04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12176375920.00002C3600A0C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11970754643.00002C3601204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sizzlejs.com/
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12356539412.0000559000250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12318733317.0000414600230000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wpad/wpad.dat
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12346583614.0000021A33CF9000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325865497.0000021A33D46000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33CF8000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33D26000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/
Source: adobe_licensing_wf_acro.exe, 0000000E.00000003.12325995983.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12327798802.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12345870709.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12346583614.0000021A33CF9000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/Q
Source: adobe_licensing_wf_acro.exe, 0000000E.00000003.12325995983.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12327798802.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12345870709.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12312453313.00001D1600220000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12315494822.00001D1600498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/gsi/
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321965380.0000414600396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/gsi/;
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12315494822.00001D1600498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://adobe-api.arkoselabs.com
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://alekberg.net/privacy
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://alekberg.net/privacybN
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12354124020.00005590000E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://auth.services.
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12315494822.00001D1600498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.arkoselabs.com
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.cloudflare-dns.com/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.cloudflare-dns.com/dns-queryAF$
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12324549999.0000457600235000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12154806027.00002C3600235000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12312549948.00001D1600235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12324549999.0000457600235000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12154806027.00002C3600235000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12312549948.00001D1600235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore--device-scale-factor=1--num-raster-threads=2enable-main-frame-bef
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium.dns.nextdns.io
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium.dns.nextdns.iohttps://nextdns.io/privacyhttps://public.dns.iij.jp/https://dns.sb/pr
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cleanbrowsing.org/privacy
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cleanbrowsing.org/privacy2-
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12223225656.00001D160084C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://client-v.adobe.i//core-mdetectiotion-pubeedge.neH$
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12324549999.0000457600235000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12154806027.00002C3600235000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12312549948.00001D1600235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12324549999.0000457600235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx15--launch-time-ticks=5260462015--launch-time-ticks=5
Source: adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12154806027.00002C3600235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxle--launch-time-ticks=5261158621WebRtcHideLocalIpsWit
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12312549948.00001D1600235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxle--launch-time-ticks=5279044279WebRtcHideLocalIpsWit
Source: AdobeCollabSync.exe, 00000006.00000003.11801311784.000001C3B19EA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000002.13035038964.000001C3B1971000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.
Source: AdobeCollabSync.exe, 00000006.00000002.13035038964.000001C3B1971000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io
Source: AdobeCollabSync.exe, 00000006.00000003.11801366009.000001C3B1ADC000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11801311784.000001C3B19EA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11801824863.000001C3B1AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schem
Source: AdobeCollabSync.exe, 00000006.00000003.11801479728.000001C3B1AF4000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11801311784.000001C3B19EA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11801852814.000001C3B1AEA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11801824863.000001C3B1AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas
Source: AdobeCollabSync.exe, 00000006.00000002.13033996111.000001C3AFB87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/bulk_entity_v1.json
Source: AdobeCollabSync.exe, 00000006.00000003.11801506274.000001C3B19CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/enti
Source: AdobeCollabSync.exe, 00000006.00000003.11801506274.000001C3B19CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/entiog
Source: AdobeCollabSync.exe, 00000006.00000003.11801311784.000001C3B19EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/entit
Source: AdobeCollabSync.exe, 00000006.00000003.11801311784.000001C3B19EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/entitG
Source: AdobeCollabSync.exe, 00000006.00000003.12149739133.000001C3B19EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/entity_v1.json
Source: AdobeCollabSync.exe, 00000006.00000003.11801506274.000001C3B19CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/entiws
Source: AdobeCollabSync.exe, 00000006.00000003.12149739133.000001C3B19EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/
Source: AdobeCollabSync.exe, 00000006.00000003.11801311784.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/)
Source: AdobeCollabSync.exe, 00000006.00000003.11801428363.000001C3B1AD8000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11802566669.000001C3B1AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/.adobe.i=
Source: AdobeCollabSync.exe, 00000006.00000003.11801311784.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync//comment
Source: AdobeCollabSync.exe, 00000006.00000002.13035038964.000001C3B1971000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/494:
Source: AdobeCollabSync.exe, 00000006.00000003.11802319349.000001C3B1AE0000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11801366009.000001C3B1ADC000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11801824863.000001C3B1AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/bat_desk
Source: AdobeCollabSync.exe, 00000006.00000003.11801428363.000001C3B1AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/e.io/schj
Source: AdobeCollabSync.exe, 00000006.00000003.11801506274.000001C3B19AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/extheade
Source: AdobeCollabSync.exe, 00000006.00000003.11801428363.000001C3B1AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/ontexth
Source: AdobeCollabSync.exe, 00000006.00000003.11802319349.000001C3B1AE0000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11801366009.000001C3B1ADC000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11801824863.000001C3B1AE5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11802566669.000001C3B1AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/robat5
Source: AdobeCollabSync.exe, 00000006.00000003.11801428363.000001C3B1AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/v
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/AF%
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacy
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacyquery
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.google/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.quad9.net/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.sb/privacy/
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.switch.ch/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.switch.ch/dns-queryhttps://dns.quad9.net/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns10.quad9.net/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns10.quad9.net/dns-query2-
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns11.quad9.net/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns11.quad9.net/dns-query2-
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns64.dns.google/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh-01.spectrum.com/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh-02.spectrum.com/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cox.net/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.dns.sb/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.familyshield.opendns.com/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.opendns.com/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.quickline.ch/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.xfinity.com/dns-query
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11994239661.00004576026A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11978400087.00002C3600AA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12245592951.00001D16009DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drafts.csswg.org/css-color-adjust-1/#forced-colors-properties
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962224811.000045760199C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11963122481.00004576019A4000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11956154447.00002C3601BA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11957871262.00002C3601BA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.com/go/lic_cloH
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962224811.000045760199C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11963122481.00004576019A4000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11956154447.00002C3601BA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11957871262.00002C3601BA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.com/go/lic_conerror_tw
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962224811.000045760199C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11963122481.00004576019A4000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11956154447.00002C3601BA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11957871262.00002C3601BA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.com/go/lic_errcn(
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962069584.0000457601974000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11961800563.000045760196C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.com/go/lic_pro
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962521123.00004576018E4000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962813106.00004576018EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.com/go/lic_proX
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000003.12150769074.000041460064C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000011.00000003.12150494489.0000414600624000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000011.00000003.12150769074.0000414600668000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12325583510.00001D1600E0C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12229300052.00001D1600944000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12317247925.00001D16005E8000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12317325570.00001D16005F0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12325583510.00001D1600E1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/WebReflection/url-search-params/blob/master/README.md#ios-10--other-platforms-bug
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11941318590.00004576003A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11943963205.0000457600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11944089164.0000457600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11940265263.00004576003BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11943963205.0000457600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939370284.00002C3600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939566083.00002C3600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939370284.00002C3600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11930327772.00002C36003BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11931550725.00002C36003A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098256616.00001D1600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12097812980.00001D1600394000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098045059.00001D1600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098045059.00001D1600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12097737303.00001D16003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/C/#the-details-and-summary-elements
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11941318590.00004576003A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11943963205.0000457600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11944089164.0000457600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11940265263.00004576003BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11943963205.0000457600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939370284.00002C3600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939566083.00002C3600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939370284.00002C3600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11930327772.00002C36003BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11931550725.00002C36003A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098256616.00001D1600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12097812980.00001D1600394000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098045059.00001D1600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098045059.00001D1600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12097737303.00001D16003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#hidden-elements
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12345631765.0000021A33C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ims-na1-stg1.adobelogin.com/ims/jump/
Source: adobe_licensing_wf_acro.exe, 0000000E.00000003.12326823988.0000021A300C0000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12314187307.00001D1600350000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12229343280.00001D160093C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12315713087.00001D16004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ims-na1.adobelogin.com/ims/authorize/v3?client_id=ngl_acrobat_reader1&response_type=device&h
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12345631765.0000021A33C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ims-na1.adobelogin.com/ims/jump/
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12312756074.00001D1600288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://k.kakaocdn.net
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12312756074.00001D1600288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://k.kakaocdn.net2429d559f4
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nextdns.io/privacy
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12328043258.00001D160100C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://npms.io/search?q=ponyfill.
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://odvr.nic.cz/doh
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12315494822.00001D1600498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://p.typekit.net
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://public.dns.iij.jp/
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://public.dns.iij.jp/dns-query
Source: AdobeCollabSync.exe, 00000006.00000002.13035038964.000001C3B1971000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reviews.adobe.io
Source: AdobeCollabSync.exe, 00000006.00000002.13035038964.000001C3B1971000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reviews.adobe.ios://com
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12354996262.000055900015C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12354996262.000055900015C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=dummytoken
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12354996262.000055900015C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=dummytokenU
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12356252837.000055900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: adobe_licensing_wf_acro.exe, 0000000E.00000002.12356252837.000055900020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11994239661.00004576026A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11978400087.00002C3600AA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12245592951.00001D16009DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://svgwg.org/svg2-draft/single-page.html#render-OverflowAndClipProperties
Source: AdobeCollabSync.exe, 00000006.00000003.12041049145.000001C3B1C16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://trustlist.aU
Source: AdobeCollabSync.exe, 00000006.00000003.12069146468.000001C3B1E4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://trustlist.aW
Source: AdobeCollabSync.exe, 00000006.00000003.12780543325.000001C3B1C12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://trustlist.adobe.c
Source: AdobeCollabSync.exe, 00000006.00000003.11919732842.000001C3B1BEF000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11960854278.000001C3B1BE8000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11962428656.000001C3B1C10000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11960854278.000001C3B1C10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://trustlist.adobe.co
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12314987787.00001D1600420000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://use.typekit.net
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321965380.0000414600396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://use.typekit.net;
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12280829158.00001D160206C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12347337766.00001D160207C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.behance.net/leonardoworx
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12280829158.00001D160206C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12347337766.00001D160207C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.behance.net/michaelschauer
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Source: adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12317671099.00001D1600828000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nic.cz/odvr/
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.quad9.net/home/privacy/
Source: SecuritySettings.xml.1.drOLE indicator, VBA macros: true
Source: SecuritySettings.xml0.1.drOLE indicator, VBA macros: true
Source: SecuritySettings.xml1.1.drOLE indicator, VBA macros: true
Source: SecuritySettings.xml2.1.drOLE indicator, VBA macros: true
Source: SecuritySettings.xml.1.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: SecuritySettings.xml0.1.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: SecuritySettings.xml1.1.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: SecuritySettings.xml2.1.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engineClassification label: clean4.winPDF@35/70@9/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9ilqxat_bl0li2_68o.tmpJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: AdobeCollabSync.exe, 00000006.00000003.12096501309.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12149739133.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12519228404.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12745420122.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12066452867.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12328239833.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000002.13035038964.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12799794798.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12508822368.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12472880187.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT * FROM device_mappings WHERE( content_item_type = :resourceType);
Source: AdobeCollabSync.exe, 00000006.00000003.12382005306.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: select lock from resources where rid=?;A
Source: AdobeCollabSync.exe, 00000006.00000003.12096501309.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12149739133.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12519228404.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12745420122.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12066452867.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12328239833.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000002.13035038964.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12799794798.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12508822368.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12472880187.000001C3B19F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests;
Source: AdobeCollabSync.exe, 00000006.00000003.12780252082.000001C3B1C4C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE resources_items(id integer0;
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\End of Year Accounting for The Estate of Janet Delesanti-2.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8232
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1652,i,9816887814325324639,16998118217230622433,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe 8088
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=1512 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=1912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --first-renderer-process --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=5260462015 --mojo-platform-channel-handle=2180 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=5261158621 --mojo-platform-channel-handle=2268 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=2400 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --launch-time-ticks=5279044279 --mojo-platform-channel-handle=2912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe 8088Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8232Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1652,i,9816887814325324639,16998118217230622433,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=1512 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=1912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --first-renderer-process --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=5260462015 --mojo-platform-channel-handle=2180 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=5261158621 --mojo-platform-channel-handle=2268 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=2400 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --launch-time-ticks=5279044279 --mojo-platform-channel-handle=2912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: vccorlib140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: msvcp140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: appcontracts.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: version.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: wininet.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: credui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: profapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: libcef.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: winmm.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dxgi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: oleacc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: secur32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: userenv.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: netapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: hid.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: chrome_elf.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dwrite.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: ncrypt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: usp10.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: urlmon.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: d3d9.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dxva2.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: winhttp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: wevtapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: cryptui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: esent.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: iertutil.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dxcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: sspicli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dsrole.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: wkscli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: samcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: msasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: ntasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: powrprof.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: umpdc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dpapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: nlansp_c.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dnsapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: textinputframework.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: gpapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: mmdevapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: devobj.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: cfgmgr32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: cfgmgr32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: cfgmgr32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: winsta.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: mscms.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: windows.ui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: mdmregistration.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: mdmregistration.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: omadmapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dsreg.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: apphelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: dataexchange.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: twinapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: atlthunk.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: directmanipulation.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: cryptsp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: rsaenh.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: cryptnet.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeSection loaded: coremessaging.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: libcef.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winmm.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxgi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: oleacc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: secur32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: userenv.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: hid.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: chrome_elf.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: version.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwrite.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ncrypt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: usp10.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: urlmon.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: d3d9.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxva2.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winhttp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wevtapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: credui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wininet.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: esent.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iertutil.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: sspicli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dsrole.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wkscli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: samcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: msasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ntasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: directxdatabasehelper.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: mf.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: mfplat.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cfgmgr32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: rtworkq.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: msmpeg2vdec.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: mfperfhelper.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: msvproc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: d3dcompiler_47.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: d3dcompiler_47.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptsp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: comppkgsup.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: libcef.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winmm.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxgi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: oleacc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: secur32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: userenv.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: hid.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: chrome_elf.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: version.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwrite.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ncrypt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: usp10.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: urlmon.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: d3d9.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxva2.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winhttp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wevtapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: credui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wininet.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: esent.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iertutil.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: sspicli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dsrole.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wkscli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: samcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: msasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ntasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: nlansp_c.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dnsapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: mswsock.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: libcef.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winmm.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxgi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: oleacc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: secur32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: userenv.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: hid.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: chrome_elf.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: version.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwrite.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ncrypt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: usp10.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: urlmon.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: d3d9.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxva2.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winhttp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wevtapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: credui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wininet.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: esent.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iertutil.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: sspicli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dsrole.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wkscli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: samcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: msasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ntasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: libcef.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winmm.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxgi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: oleacc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: secur32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: userenv.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: hid.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: chrome_elf.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: version.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwrite.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ncrypt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: usp10.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: urlmon.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: d3d9.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxva2.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winhttp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wevtapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: credui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wininet.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: esent.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iertutil.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: sspicli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dsrole.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wkscli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: samcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: msasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ntasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: libcef.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winmm.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxgi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: oleacc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: secur32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: userenv.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: hid.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: chrome_elf.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: version.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwrite.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ncrypt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: usp10.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: urlmon.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: d3d9.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxva2.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winhttp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wevtapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: credui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wininet.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: esent.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iertutil.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: sspicli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dsrole.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wkscli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: samcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: msasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ntasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: mf.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: mfplat.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cfgmgr32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: rtworkq.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: msmpeg2vdec.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: mfperfhelper.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: msvproc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dcomp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: libcef.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winmm.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxgi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: oleacc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: secur32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: userenv.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: hid.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: chrome_elf.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: version.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwrite.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ncrypt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: usp10.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: urlmon.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: d3d9.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxva2.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: winhttp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wevtapi.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: credui.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wininet.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: esent.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: iertutil.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: srvcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: netutils.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dxcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: sspicli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: dsrole.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wkscli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: samcli.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: msasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: ntasn1.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeSection loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Word\Addins\PDFMaker.OfficeAddinJump to behavior
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfStatic file information: File size 13329417 > 6291456
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword /JS count = 0
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: download-20.6.drInitial sample: PDF keyword /JS count = 0
Source: download-20.6.drInitial sample: PDF keyword /JavaScript count = 0
Source: download-18.6.drInitial sample: PDF keyword /JS count = 0
Source: download-18.6.drInitial sample: PDF keyword /JavaScript count = 0
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword /Page count = 114
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword stream count = 1846
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword /ObjStm count = 12
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword endobj count = 1963
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword endstream count = 1846
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword obj count = 1963
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\inprogress\download-20Jump to dropped file
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\inprogress\download-18Jump to dropped file
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\inprogress\download-19Jump to dropped file
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\inprogress\download-21Jump to dropped file
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 21600000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 21599999
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 30000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 21600000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 21599999
Source: AdobeCollabSync.exe, 00000005.00000002.13032563411.000001701A078000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5'
Source: AdobeCollabSync.exe, 00000006.00000003.12678940161.000001C3B1B25000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000002.13035892796.000001C3B1B25000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12329965695.000001C3B1B24000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12799945374.000001C3B1B24000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12931979972.000001C3B1B25000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12744361459.000001C3B1B00000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12835830272.000001C3B1B25000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12573110573.000001C3B1B24000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12584407626.000001C3B1B25000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.12727102101.000001C3B1B24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWf
Source: AdobeCollabSync.exe, 00000006.00000002.13033996111.000001C3AFB24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
Source: AdobeCollabSync.exe, 00000006.00000002.13035038964.000001C3B1971000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-USn
Source: adobe_licensing_wf_acro.exe, 0000000E.00000003.12328845195.0000021A30110000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12343601573.0000021A30110000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12324872711.0000021A30110000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12335390568.0000021A30110000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12316008829.0000015FD7DF4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWle%SystemRoot%\system32\mswsock.dll-log-file=C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log--mojo-platform-channel-handle=1912--field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072--disable-features=WebRtcHideLocalIp<
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=1512 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=1912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --first-renderer-process --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=5260462015 --mojo-platform-channel-handle=2180 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=5261158621 --mojo-platform-channel-handle=2268 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=2400 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --launch-time-ticks=5279044279 --mojo-platform-channel-handle=2912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-us --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --gpu-preferences=uaaaaaaaaadgacayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --use-gl=angle --use-angle=swiftshader-webgl --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --mojo-platform-channel-handle=1512 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-us --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --mojo-platform-channel-handle=1912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --first-renderer-process --no-sandbox --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-us --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=5260462015 --mojo-platform-channel-handle=2180 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --no-sandbox --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-us --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=5261158621 --mojo-platform-channel-handle=2268 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-us --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --gpu-preferences=uaaaaaaaaadgacayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --use-gl=disabled --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --mojo-platform-channel-handle=2400 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --no-sandbox --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-us --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --launch-time-ticks=5279044279 --mojo-platform-channel-handle=2912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-us --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --gpu-preferences=uaaaaaaaaadgacayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --use-gl=angle --use-angle=swiftshader-webgl --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --mojo-platform-channel-handle=1512 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-us --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --mojo-platform-channel-handle=1912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --first-renderer-process --no-sandbox --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-us --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=5260462015 --mojo-platform-channel-handle=2180 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --no-sandbox --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-us --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=5261158621 --mojo-platform-channel-handle=2268 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-us --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --gpu-preferences=uaaaaaaaaadgacayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --use-gl=disabled --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --mojo-platform-channel-handle=2400 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe "c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="c:\program files\adobe\acrobat dc\acrobat\acrocef_1" --no-sandbox --log-file="c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-us --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --launch-time-ticks=5279044279 --mojo-platform-channel-handle=2912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=webrtchidelocalipswithmdns /prefetch:1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid Accounts1
Command and Scripting Interpreter		1
Scripting		11
Process Injection		11
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Exploitation for Client Execution		1
DLL Side-Loading		1
DLL Side-Loading		11
Virtualization/Sandbox Evasion		LSASS Memory11
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
Process Injection		Security Account Manager12
System Information Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDS1
Remote System Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1580457 Sample: End of Year Accounting for ... Startdate: 24/12/2024 Architecture: WINDOWS Score: 4 30 x1.c.lencr.org 2->30 32 www.msn.com 2->32 34 18 other IPs or domains 2->34 8 Acrobat.exe 27 151 2->8         started        process3 process4 10 adobe_licensing_wf_acro.exe 8->10         started        12 AdobeCollabSync.exe 3 8->12         started        14 AcroCEF.exe 8->14         started        process5 16 adobe_licensing_wf_helper_acro.exe 10->16         started        18 adobe_licensing_wf_helper_acro.exe 10->18         started        20 adobe_licensing_wf_helper_acro.exe 10->20         started        26 3 other processes 10->26 22 AdobeCollabSync.exe 10 131 12->22         started        24 AcroCEF.exe 14->24         started        process6 28 FullTrustNotifier.exe 22->28         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://e.com/go/lic_errcn(0%Avira URL Cloudsafe
https://trustlist.adobe.co0%Avira URL Cloudsafe
https://html.spec.whatwg.org/C/#the-details-and-summary-elements0%Avira URL Cloudsafe
https://chromium.dns.nextdns.iohttps://nextdns.io/privacyhttps://public.dns.iij.jp/https://dns.sb/pr0%Avira URL Cloudsafe
https://e.com/go/lic_proX0%Avira URL Cloudsafe
https://drafts.csswg.org/css-color-adjust-1/#forced-colors-properties0%Avira URL Cloudsafe
http://e5.o.lenc0%Avira URL Cloudsafe
https://e.com/go/lic_cloH0%Avira URL Cloudsafe
https://e.com/go/lic_conerror_tw0%Avira URL Cloudsafe
https://e.com/go/lic_pro0%Avira URL Cloudsafe
https://k.kakaocdn.net2429d559f40%Avira URL Cloudsafe
https://trustlist.aU0%Avira URL Cloudsafe
https://trustlist.adobe.c0%Avira URL Cloudsafe
https://trustlist.aW0%Avira URL Cloudsafe
https://svgwg.org/svg2-draft/single-page.html#render-OverflowAndClipProperties0%Avira URL Cloudsafe
https://client-v.adobe.i//core-mdetectiotion-pubeedge.neH$0%Avira URL Cloudsafe
https://comments.adobe.0%Avira URL Cloudsafe
http://lists.w3.org/Archives/Public/public-svg-wg/2008JulSep/0347.html0%Avira URL Cloudsafe
https://auth.services.0%Avira URL Cloudsafe
http://e5.o.lenc_0%Avira URL Cloudsafe
http://e5.o.lencr.org1.3.6.1.5.5.7.48.2http://e5.i.lencr.org/gC0%Avira URL Cloudsafe
https://html.spec.whatwg.org/multipage/rendering.html#hidden-elements0%Avira URL Cloudsafe
https://use.typekit.net;0%Avira URL Cloudsafe
http://css3pie.com0%Avira URL Cloudsafe
https://ims-na1-stg1.adobelogin.com/ims/jump/0%Avira URL Cloudsafe
http://e5.o.lencr.org1.3.6.1.5.5.7.48.2http://e5.i.lencr.org/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
resources-prod.licensingstack.com
18.161.92.206
truefalse
    		high
    default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
    		217.20.58.98
    		truefalse
      		high
      ax-0001.ax-msedge.net
      		150.171.27.10
      		truefalse
        		high
        pki-goog.l.google.com
        		142.250.181.99
        		truefalse
          		high
          fp2e7a.wpc.phicdn.net
          		192.229.221.95
          		truefalse
            		high
            sni1gl.wpc.sigmacdn.net
            		152.199.21.175
            		truefalse
              		high
              assets.msn.com
              		unknown
              		unknownfalse
                		high
                x1.c.lencr.org
                		unknown
                		unknownfalse
                  		high
                  ims-na1.adobelogin.com
                  		unknown
                  		unknownfalse
                    		high
                    srtb.msn.com
                    		unknown
                    		unknownfalse
                      		high
                      res.public.onecdn.static.microsoft
                      		unknown
                      		unknownfalse
                        		high
                        tse1.mm.bing.net
                        		unknown
                        		unknownfalse
                          		high
                          c.pki.goog
                          		unknown
                          		unknownfalse
                            		high
                            aefd.nelreports.net
                            		unknown
                            		unknownfalse
                              		high

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              https://e.com/go/lic_proadobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962069584.0000457601974000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11961800563.000045760196C000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://npms.io/search?q=ponyfill.adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12328043258.00001D160100C000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://use.typekit.netadobe_licensing_wf_helper_acro.exe, 00000017.00000002.12314987787.00001D1600420000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://jquery.org/licenseadobe_licensing_wf_helper_acro.exe, 00000012.00000003.11986714713.0000457601204000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12353883388.000045760260C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11951333988.0000457601C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11968222782.00004576023BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11964838628.00002C36025BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11947130774.00002C3601E04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12176375920.00002C3600A0C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11970754643.00002C3601204000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditingadobe_licensing_wf_acro.exe, 0000000E.00000002.12354996262.000055900015C000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://p.typekit.netadobe_licensing_wf_helper_acro.exe, 00000017.00000002.12315494822.00001D1600498000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://dns10.quad9.net/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://support.google.com/chrome/answer/6258784adobe_licensing_wf_acro.exe, 0000000E.00000002.12356252837.000055900020C000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://chromium.dns.nextdns.ioadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://e.com/go/lic_errcn(adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962224811.000045760199C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11963122481.00004576019A4000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11956154447.00002C3601BA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11957871262.00002C3601BA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://sizzlejs.com/adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11986714713.0000457601204000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12353883388.000045760260C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11951333988.0000457601C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11968222782.00004576023BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11964838628.00002C36025BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11947130774.00002C3601E04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12176375920.00002C3600A0C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11970754643.00002C3601204000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://doh.familyshield.opendns.com/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://doh.cleanbrowsing.org/doh/security-filteradobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://html.spec.whatwg.org/C/#the-details-and-summary-elementsadobe_licensing_wf_helper_acro.exe, 00000012.00000003.11941318590.00004576003A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11943963205.0000457600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11944089164.0000457600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11940265263.00004576003BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11943963205.0000457600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939370284.00002C3600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939566083.00002C3600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939370284.00002C3600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11930327772.00002C36003BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11931550725.00002C36003A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098256616.00001D1600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12097812980.00001D1600394000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098045059.00001D1600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098045059.00001D1600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12097737303.00001D16003B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://support.google.com/chrome/?p=plugin_flashadobe_licensing_wf_acro.exe, 0000000E.00000002.12356252837.000055900020C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://dns.google/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://public.dns.iij.jp/adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://github.com/WebReflection/url-search-params/blob/master/README.md#ios-10--other-platforms-bugadobe_licensing_wf_helper_acro.exe, 00000011.00000003.12150769074.000041460064C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000011.00000003.12150494489.0000414600624000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000011.00000003.12150769074.0000414600668000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12325583510.00001D1600E0C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12229300052.00001D1600944000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12317247925.00001D16005E8000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12317325570.00001D16005F0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12325583510.00001D1600E1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://dns.switch.ch/dns-queryhttps://dns.quad9.net/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://doh.cox.net/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://e5.o.lencadobe_licensing_wf_acro.exe, 0000000E.00000003.12325865497.0000021A33D46000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33D26000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://fontfabrik.comadobe_licensing_wf_helper_acro.exe, 00000012.00000002.12318083316.000001D86D0D2000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12149381573.00000202E9802000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://doh.quickline.ch/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.nic.cz/odvr/adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://e.com/go/lic_cloHadobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962224811.000045760199C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11963122481.00004576019A4000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11956154447.00002C3601BA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11957871262.00002C3601BA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://developers.google.com/speed/public-dns/privacyadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://dns11.quad9.net/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://cdn.arkoselabs.comadobe_licensing_wf_helper_acro.exe, 00000017.00000002.12315494822.00001D1600498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://chromium.dns.nextdns.iohttps://nextdns.io/privacyhttps://public.dns.iij.jp/https://dns.sb/pradobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://unisolated.invalid/adobe_licensing_wf_acro.exe, 0000000E.00000002.12356539412.0000559000250000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://x1.c.lencr.org/0adobe_licensing_wf_acro.exe, 0000000E.00000003.12325995983.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12327798802.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12345870709.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://x1.i.lencr.org/0adobe_licensing_wf_acro.exe, 0000000E.00000003.12325995983.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12327798802.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12345870709.0000021A33CD7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://trustlist.adobe.coAdobeCollabSync.exe, 00000006.00000003.11919732842.000001C3B1BEF000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11960854278.000001C3B1BE8000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11962428656.000001C3B1C10000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000003.11960854278.000001C3B1C10000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://developers.google.com/speed/public-dns/privacyqueryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://drafts.csswg.org/css-color-adjust-1/#forced-colors-propertiesadobe_licensing_wf_helper_acro.exe, 00000012.00000003.11994239661.00004576026A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11978400087.00002C3600AA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12245592951.00001D16009DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://doh-02.spectrum.com/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://k.kakaocdn.netadobe_licensing_wf_helper_acro.exe, 00000017.00000002.12312756074.00001D1600288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://e.com/go/lic_conerror_twadobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962224811.000045760199C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11963122481.00004576019A4000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11956154447.00002C3601BA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11957871262.00002C3601BA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://e.com/go/lic_proXadobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962521123.00004576018E4000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11962813106.00004576018EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://trustlist.aWAdobeCollabSync.exe, 00000006.00000003.12069146468.000001C3B1E4C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://trustlist.aUAdobeCollabSync.exe, 00000006.00000003.12041049145.000001C3B1C16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://dns.switch.ch/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://dns10.quad9.net/dns-query2-adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://comments.adobe.AdobeCollabSync.exe, 00000006.00000003.11801311784.000001C3B19EA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000002.13035038964.000001C3B1971000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://ims-na1.adobelogin.com/ims/authorize/v3?client_id=ngl_acrobat_reader1&response_type=device&hadobe_licensing_wf_acro.exe, 0000000E.00000003.12326823988.0000021A300C0000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12314187307.00001D1600350000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12229343280.00001D160093C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12315713087.00001D16004C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://nextdns.io/privacyadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://odvr.nic.cz/dohadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://doh.cleanbrowsing.org/doh/family-filteradobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://client-v.adobe.i//core-mdetectiotion-pubeedge.neH$adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12223225656.00001D160084C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://e5.i.lencr.org/adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://doh.xfinity.com/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://x1.c.lencr.org/Qadobe_licensing_wf_acro.exe, 0000000E.00000002.12346583614.0000021A33CF9000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33CF8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://chrome.google.com/webstoreadobe_licensing_wf_helper_acro.exe, 00000012.00000002.12324549999.0000457600235000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12154806027.00002C3600235000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12312549948.00001D1600235000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://cleanbrowsing.org/privacyadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://www.quad9.net/home/privacy/adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://dns11.quad9.net/dns-query2-adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://ims-na1.adobelogin.com/ims/jump/adobe_licensing_wf_acro.exe, 0000000E.00000002.12345631765.0000021A33C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://chrome.cloudflare-dns.com/dns-queryAF$adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://dns64.dns.google/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://auth.services.adobe_licensing_wf_acro.exe, 0000000E.00000002.12354124020.00005590000E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          https://doh.cleanbrowsing.org/doh/adult-filteradobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://k.kakaocdn.net2429d559f4adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12312756074.00001D1600288000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            https://doh.opendns.com/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://doh-01.spectrum.com/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://x1.c.lencr.org/adobe_licensing_wf_acro.exe, 0000000E.00000002.12346583614.0000021A33CF9000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325865497.0000021A33D46000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33CF8000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33D26000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://alekberg.net/privacybNadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://dns.quad9.net/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://svgwg.org/svg2-draft/single-page.html#render-OverflowAndClipPropertiesadobe_licensing_wf_helper_acro.exe, 00000012.00000003.11994239661.00004576026A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11978400087.00002C3600AA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12245592951.00001D16009DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      		unknown
                                                                                                                                      https://www.cisco.com/c/en/us/about/legal/privacy-full.htmladobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321703397.0000414600378000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://en.wadobe_licensing_wf_helper_acro.exe, 00000017.00000002.12311362860.0000020B216C3000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12179993294.0000020B216C2000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12155929004.0000020B216C2000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12184881547.0000020B216C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://e5.o.lenc_adobe_licensing_wf_acro.exe, 0000000E.00000003.12325865497.0000021A33D46000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33D26000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://adobe-api.arkoselabs.comadobe_licensing_wf_helper_acro.exe, 00000017.00000002.12315494822.00001D1600498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://lists.w3.org/Archives/Public/public-svg-wg/2008JulSep/0347.htmladobe_licensing_wf_helper_acro.exe, 00000012.00000003.11994239661.00004576026A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11978400087.00002C3600AA0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12245592951.00001D16009DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            		unknown
                                                                                                                                            https://chrome.cloudflare-dns.com/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://cleanbrowsing.org/privacy2-adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://public.dns.iij.jp/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://trustlist.adobe.cAdobeCollabSync.exe, 00000006.00000003.12780543325.000001C3B1C12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  		unknown
                                                                                                                                                  http://css3pie.comadobe_licensing_wf_helper_acro.exe, 00000012.00000003.11951333988.0000457601C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12351535245.00004576023AC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11951900795.0000457600C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12181978104.00002C36025AC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11947315564.00002C3600C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11947130774.00002C3601E04000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  		unknown
                                                                                                                                                  https://www.behance.net/michaelschaueradobe_licensing_wf_helper_acro.exe, 00000017.00000003.12280829158.00001D160206C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12347337766.00001D160207C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://e5.o.lencr.org1.3.6.1.5.5.7.48.2http://e5.i.lencr.org/gCadobe_licensing_wf_acro.exe, 0000000E.00000003.12325865497.0000021A33D46000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33D26000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    		unknown
                                                                                                                                                    http://wpad/wpad.datadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12318733317.0000414600230000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://dns.sb/privacy/adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://html.spec.whatwg.org/multipage/rendering.html#hidden-elementsadobe_licensing_wf_helper_acro.exe, 00000012.00000003.11941318590.00004576003A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11943963205.0000457600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11944089164.0000457600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11940265263.00004576003BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11943963205.0000457600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939370284.00002C3600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939566083.00002C3600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11939370284.00002C3600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11930327772.00002C36003BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11931550725.00002C36003A0000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098256616.00001D1600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12097812980.00001D1600394000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098045059.00001D1600474000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12098045059.00001D1600480000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000003.12097737303.00001D16003B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        		unknown
                                                                                                                                                        https://doh.dns.sb/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://e5.o.lencr.org1.3.6.1.5.5.7.48.2http://e5.i.lencr.org/adobe_licensing_wf_acro.exe, 0000000E.00000003.12325865497.0000021A33D46000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000003.12325297270.0000021A33D26000.00000004.00000020.00020000.00000000.sdmp, adobe_licensing_wf_acro.exe, 0000000E.00000002.12347339054.0000021A33D47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          		unknown
                                                                                                                                                          https://use.typekit.net;adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12321965380.0000414600396000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          		unknown
                                                                                                                                                          https://chrome.google.com/webstore--device-scale-factor=1--num-raster-threads=2enable-main-frame-befadobe_licensing_wf_helper_acro.exe, 00000012.00000002.12324549999.0000457600235000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12154806027.00002C3600235000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12312549948.00001D1600235000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/AF%adobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://ims-na1-stg1.adobelogin.com/ims/jump/adobe_licensing_wf_acro.exe, 0000000E.00000002.12345631765.0000021A33C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              		unknown
                                                                                                                                                              https://www.behance.net/leonardoworxadobe_licensing_wf_helper_acro.exe, 00000017.00000003.12280829158.00001D160206C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000017.00000002.12347337766.00001D160207C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://jquery.com/adobe_licensing_wf_helper_acro.exe, 00000012.00000002.12353883388.000045760260C000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11951333988.0000457601C04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000012.00000003.11968222782.00004576023BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11964838628.00002C36025BC000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000003.11947130774.00002C3601E04000.00000004.00000800.00020000.00000000.sdmp, adobe_licensing_wf_helper_acro.exe, 00000013.00000002.12176375920.00002C3600A0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://alekberg.net/privacyadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://dnsnl.alekberg.net/dns-queryadobe_licensing_wf_helper_acro.exe, 00000011.00000002.12319002502.000041460023C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high

                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                      No contacted IP infos

                                                                                                                                                                      General Information

                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                      Analysis ID:1580457
                                                                                                                                                                      Start date and time:2024-12-24 16:13:05 +01:00
                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                      Overall analysis duration:0h 8m 9s
                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                      Report type:full
                                                                                                                                                                      Cookbook file name:defaultwindowspdfcookbook.jbs
                                                                                                                                                                      Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                                                                                                                                                                      Number of analysed new started processes analysed:40
                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                      Technologies:
                                                                                                                                                                      • EGA enabled
                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                      Sample name:End of Year Accounting for The Estate of Janet Delesanti-2.pdf
                                                                                                                                                                      Detection:CLEAN
                                                                                                                                                                      Classification:clean4.winPDF@35/70@9/0
                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                      • Found application associated with file extension: .pdf
                                                                                                                                                                      • Found PDF document
                                                                                                                                                                      • Close Viewer

                                                                                                                                                                      Warnings

                                                                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 204.79.197.203, 92.123.103.96, 92.123.103.65, 92.123.103.80, 2.16.158.27, 2.16.158.33, 2.16.158.35, 2.16.158.43, 2.16.158.42, 2.16.158.40, 2.16.158.50, 2.16.158.192, 2.16.158.32, 23.215.23.211, 54.228.247.11, 34.246.54.182, 52.48.126.58, 162.159.61.3, 172.64.41.3, 184.30.20.134, 23.218.208.137, 192.229.221.95, 52.48.8.54, 34.252.184.159, 52.31.218.129, 2.16.168.107, 2.16.168.105, 20.199.58.43, 162.159.140.165, 172.66.0.163, 95.100.135.81, 95.100.135.72, 95.100.135.74, 95.100.135.82, 95.100.135.73, 95.100.135.88, 95.100.135.66, 95.100.135.80, 95.100.135.75, 2.16.168.111, 2.16.168.100, 23.195.39.65, 20.198.119.84, 40.126.53.13, 40.126.53.9, 40.126.53.16, 40.126.53.18, 20.190.181.3, 20.231.128.65, 40.126.53.19, 40.126.53.7, 20.223.35.26, 23.43.85.15, 23.219.82.43, 23.41.169.130, 23.218.208.109, 4.175.87.197, 18.161.92.206, 54.224.241.105, 172.64.155.179
                                                                                                                                                                      • Excluded domains from analysis (whitelisted): ims-na1.adobelogin.com.cdn.cloudflare.net, auth.services.adobe.com, slscr.update.microsoft.com, resources.licenses.adobe.com, acroipm2.adobe.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, login.live.com, a122.dscd.akamai.net, ecn.dev.virtualearth.net, lcs-cops.adobe.io, e28578.d.akamaiedge.net, wu-b-net.trafficmanager.net, www.bing.com, assets.msn.com.edgekey.net, fd-api-iris.trafficmanager.net, fs.microsoft.com, acroipm2.adobe.com.edgesuite.net, www.tm.v4.a.prd.aadg.akadns.net, cdn-office.ec.azureedge.net, www-www.bing.com.trafficmanager.net, ssl.adobe.com.edgekey.net, mm-mm.bing.net.trafficmanager.net, store-images.s-microsoft.com, geo2.adobe.com, www.tm.lg.prod.aadmsa.trafficmanager.net, chrome.cloudflare-dns.com, e4578.dscg.akamaiedge.net, e8652.dscx.akamaiedge.net, e4578.dscb.akamaiedge.net, aefd.nelreports.net.akamaized.net, iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com, trustlist.adobe.com, res-ocdi-publi
                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                      • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                      • VT rate limit hit for: End of Year Accounting for The Estate of Janet Delesanti-2.pdf

                                                                                                                                                                      Simulations

                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                      10:14:07API Interceptor392941x Sleep call for process: AdobeCollabSync.exe modified

                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                      IPs

                                                                                                                                                                      No context

                                                                                                                                                                      Domains

                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      ax-0001.ax-msedge.netWCeE1A6Xyz.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                      • 150.171.27.10
                                                                                                                                                                      eMBO6wS1b5.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                      • 150.171.27.10
                                                                                                                                                                      HUBED342024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                      • 150.171.27.10
                                                                                                                                                                      Onboard Training Checklist v1.1 - Wyatt Young (1).xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 150.171.28.10
                                                                                                                                                                      https://jkqbjwq.maxiite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                      • 150.171.27.10
                                                                                                                                                                      OZq1f2sZz3.exeGet hashmaliciousAsyncRATBrowse
                                                                                                                                                                      • 150.171.27.10
                                                                                                                                                                      Olz7TmvkEW.exeGet hashmaliciousUltraVNCBrowse
                                                                                                                                                                      • 150.171.27.10
                                                                                                                                                                      Archivo-PxFkiLTWYG-23122024095010.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 150.171.28.10
                                                                                                                                                                      BVGvbpplT8.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                      • 150.171.28.10
                                                                                                                                                                      613vKYuY2S.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 150.171.28.10
                                                                                                                                                                      resources-prod.licensingstack.comIllustrator_Set-Up.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 13.32.47.160
                                                                                                                                                                      Acrobat_Set-Up.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 18.164.124.172
                                                                                                                                                                      0nEuHt4Yr4.exeGet hashmaliciousPhemedrone StealerBrowse
                                                                                                                                                                      • 18.154.132.164
                                                                                                                                                                      SecuriteInfo.com.BScope.Trojan.Wacatac.24873.13450.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 99.86.8.219
                                                                                                                                                                      default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com#U5b89#U88c5#U52a9#U624b1.0.2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 217.20.58.99
                                                                                                                                                                      AxoPac.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 217.20.58.100
                                                                                                                                                                      [External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 217.20.58.99
                                                                                                                                                                      PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 217.20.58.101
                                                                                                                                                                      lKin1m7Pf2.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 217.20.58.99
                                                                                                                                                                      fKdiT1D1dk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                      • 217.20.58.100
                                                                                                                                                                      uDTW3VjJJT.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                      • 217.20.58.99
                                                                                                                                                                      data.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 217.20.58.99
                                                                                                                                                                      4hSuRTwnWJ.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 217.20.58.100
                                                                                                                                                                      YinLHGpoX4.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                      • 217.20.58.99
                                                                                                                                                                      pki-goog.l.google.comhttps://jkqbjwq.maxiite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                      • 142.250.181.131
                                                                                                                                                                      https://liladelman.com/rental/1218-west-side-road-block-island/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 142.250.181.131
                                                                                                                                                                      ep_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 172.217.17.67
                                                                                                                                                                      YF3YnL4ksc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 74.125.21.94
                                                                                                                                                                      hades.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 74.125.139.94
                                                                                                                                                                      http://uhsee.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 142.250.181.99
                                                                                                                                                                      download.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 172.253.124.94
                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                      • 172.217.17.35
                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                      • 142.250.181.99
                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                      • 142.250.181.99

                                                                                                                                                                      ASNs

                                                                                                                                                                      No context

                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                      No context

                                                                                                                                                                      Dropped Files

                                                                                                                                                                      No context

                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):292
                                                                                                                                                                      Entropy (8bit):5.153273927926388
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:cwDM+q2Pccwi2nKuAl9OmbnIFUt81wgZmw+1wDMVkwOccwi2nKuAl9OmbjLJ:hM+v0cwZHAahFUt81Z/+1MMV5dcwZHAR
                                                                                                                                                                      MD5:E44022107796FF7D18DFC50301CA7BC7
                                                                                                                                                                      SHA1:A2E1082A3C9E3A22E4ADE2B0C7893BEBA27FDC08
                                                                                                                                                                      SHA-256:C0A18BCC9700E6A54298E7AFC07281C18E1EF1C4D8FC8905EDA57DA97F8E264A
                                                                                                                                                                      SHA-512:CF32B45DA0F07D08BD7C36A9EC1CC4B8FCB296F20AB28998E3C9F0A926528DD937716B821EE3E5CED5619125AD3F66FA34D2BACB89EE8FFD3B9C730BC94A926E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/12/24-10:14:11.876 21fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/24-10:14:11.878 21fc Recovering log #3.2024/12/24-10:14:11.878 21fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):292
                                                                                                                                                                      Entropy (8bit):5.153273927926388
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:cwDM+q2Pccwi2nKuAl9OmbnIFUt81wgZmw+1wDMVkwOccwi2nKuAl9OmbjLJ:hM+v0cwZHAahFUt81Z/+1MMV5dcwZHAR
                                                                                                                                                                      MD5:E44022107796FF7D18DFC50301CA7BC7
                                                                                                                                                                      SHA1:A2E1082A3C9E3A22E4ADE2B0C7893BEBA27FDC08
                                                                                                                                                                      SHA-256:C0A18BCC9700E6A54298E7AFC07281C18E1EF1C4D8FC8905EDA57DA97F8E264A
                                                                                                                                                                      SHA-512:CF32B45DA0F07D08BD7C36A9EC1CC4B8FCB296F20AB28998E3C9F0A926528DD937716B821EE3E5CED5619125AD3F66FA34D2BACB89EE8FFD3B9C730BC94A926E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/12/24-10:14:11.876 21fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/24-10:14:11.878 21fc Recovering log #3.2024/12/24-10:14:11.878 21fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):336
                                                                                                                                                                      Entropy (8bit):5.102197622887195
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:f4q2Pccwi2nKuAl9Ombzo2jMGIFUt8l0JZmw+8LDkwOccwi2nKuAl9Ombzo2jMmd:f4v0cwZHAa8uFUt8l0J/+8LD5dcwZHAv
                                                                                                                                                                      MD5:EF4FDE06F3E78F246F1BBA707D331654
                                                                                                                                                                      SHA1:620C2572056E6A1A4459186BB24A4A4E3FD34CFE
                                                                                                                                                                      SHA-256:12FF6979434BA83411BBED0110C005A68FD8A718ED862D88B8EE923258CA5F74
                                                                                                                                                                      SHA-512:FBB94D633B9FC1859A4F520595FF6ABCFD055E786C35EE60AD602B23031B8928D19667A9FCD76311D46941E66B594D005437D18E9A49DC7E4C405EA6E0C9778A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/12/24-10:14:11.942 22c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/24-10:14:11.979 22c4 Recovering log #3.2024/12/24-10:14:11.980 22c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):336
                                                                                                                                                                      Entropy (8bit):5.102197622887195
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:f4q2Pccwi2nKuAl9Ombzo2jMGIFUt8l0JZmw+8LDkwOccwi2nKuAl9Ombzo2jMmd:f4v0cwZHAa8uFUt8l0J/+8LD5dcwZHAv
                                                                                                                                                                      MD5:EF4FDE06F3E78F246F1BBA707D331654
                                                                                                                                                                      SHA1:620C2572056E6A1A4459186BB24A4A4E3FD34CFE
                                                                                                                                                                      SHA-256:12FF6979434BA83411BBED0110C005A68FD8A718ED862D88B8EE923258CA5F74
                                                                                                                                                                      SHA-512:FBB94D633B9FC1859A4F520595FF6ABCFD055E786C35EE60AD602B23031B8928D19667A9FCD76311D46941E66B594D005437D18E9A49DC7E4C405EA6E0C9778A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/12/24-10:14:11.942 22c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/24-10:14:11.979 22c4 Recovering log #3.2024/12/24-10:14:11.980 22c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\203b45a9-3960-4e16-8931-ade4bfdbe559.tmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):476
                                                                                                                                                                      Entropy (8bit):4.97156724128965
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YH/um3RA8sqL2LuXhsBdOg2Hp5AAcaq3QYiubYnP7E4TX:Y2sRdsHyXydMHp5g3QYhbYP7n7
                                                                                                                                                                      MD5:FC55438D221FABD870C37E11168EB4A1
                                                                                                                                                                      SHA1:21A6037CC610BF7526F590BCDC0108A9E53384A6
                                                                                                                                                                      SHA-256:61CCD206EE396D6B0A58A3B5F1CC3050DFD5DCB5071F829172C4A3BB2FD94248
                                                                                                                                                                      SHA-512:B549984AB5C2AB85DF29F9D73C58133A8F3AEE819903C803A0723FBDB49E4B7B6A9B6676E3353DA8137F45A0A490AA1E76BDBEC546A3C86E20635462AC91D242
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379613271810236","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":710399},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.24","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):476
                                                                                                                                                                      Entropy (8bit):4.97156724128965
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YH/um3RA8sqL2LuXhsBdOg2Hp5AAcaq3QYiubYnP7E4TX:Y2sRdsHyXydMHp5g3QYhbYP7n7
                                                                                                                                                                      MD5:FC55438D221FABD870C37E11168EB4A1
                                                                                                                                                                      SHA1:21A6037CC610BF7526F590BCDC0108A9E53384A6
                                                                                                                                                                      SHA-256:61CCD206EE396D6B0A58A3B5F1CC3050DFD5DCB5071F829172C4A3BB2FD94248
                                                                                                                                                                      SHA-512:B549984AB5C2AB85DF29F9D73C58133A8F3AEE819903C803A0723FBDB49E4B7B6A9B6676E3353DA8137F45A0A490AA1E76BDBEC546A3C86E20635462AC91D242
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379613271810236","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":710399},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.24","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2490
                                                                                                                                                                      Entropy (8bit):5.199347789837054
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:k/tsLHT4MhflKz/w57sr8flKg9ukaxposABAtmN8sXmJ8s/MpUSv3BAtmZ:kVsLHTj2zYJs15voxBKmZX2IBKmZ
                                                                                                                                                                      MD5:A92FD721A1A711C5A08E8033D59CF931
                                                                                                                                                                      SHA1:8BFBC97121157860D7374CCD9FAD14F3A7DB8DDA
                                                                                                                                                                      SHA-256:92C891DA6E3689B7B8FD646B3064817227B5C89E8275AF353CFA8412AEF1AEE1
                                                                                                                                                                      SHA-512:CE2155A6995C207FC545A06F426CAEF73F00226F2717B01FAE4C1464A52DD74C7B69200C74FEBA82955B219AAAA04326EA44992938A2EDD568EB85A2A2E923A4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:*...#................version.1..namespace-'I^.r................next-map-id.1.Snamespace-ae05de33_8cc0_4e34_9d2f_86511228726c-https://rna-v2-resource.acrobat.com/.0x.%8r................next-map-id.2.Snamespace-620912f0_b173_44a4_a2dd_2b6e03d5a667-https://rna-v2-resource.acrobat.com/.1.Oxho................next-map-id.3.Pnamespace-3f93b5cc_0b3a_45a1_a898_aa1d734e1e48-https://rna-resource.acrobat.com/.2.8.so................next-map-id.4.Pnamespace-9a1097df_23ac_40f2_a28a_c79f118db6c8-https://rna-resource.acrobat.com/.3z...r................next-map-id.5.Snamespace-7d7de5b5_9dd5_4b56_8ca5_38e8c6a17e9b-https://rna-v2-resource.acrobat.com/.4Z..mo................next-map-id.6.Pnamespace-30fc8b2c_fe8d_484e_8547_bfceb1dd86b3-https://rna-resource.acrobat.com/.5.'..^...............Pnamespace-3f93b5cc_0b3a_45a1_a898_aa1d734e1e48-https://rna-resource.acrobat.com/D..^...............Pnamespace-30fc8b2c_fe8d_484e_8547_bfceb1dd86b3-https://rna-resource.acrobat.com/&.^...............Pnamespace-9a1097df

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):324
                                                                                                                                                                      Entropy (8bit):5.069125229634421
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:tFHE4q2Pccwi2nKuAl9OmbzNMxIFUt8cJZmw+CFmNDkwOccwi2nKuAl9OmbzNMFd:tFk4v0cwZHAa8jFUt8cJ/+7ND5dcwZHP
                                                                                                                                                                      MD5:E08AA8D1AEE941AF5E8340D12312F4DC
                                                                                                                                                                      SHA1:47DE5A60C5FC3A5226725D2E8C4B74C11722AFDC
                                                                                                                                                                      SHA-256:ED019D81387152570BBCA5DE704897DF06F5A2477F534AFF0682067E3976B98E
                                                                                                                                                                      SHA-512:036B88819567B88B1AF8E1CEC90B34A4F5929F5A94040F183B402F97C2CC55F29D364068E7A9E32EB83236F14338AD149F1F3D1C3D51BAC0F70B9D7BD221C552
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/12/24-10:14:12.922 22c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/24-10:14:12.923 22c4 Recovering log #3.2024/12/24-10:14:12.924 22c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):324
                                                                                                                                                                      Entropy (8bit):5.069125229634421
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:tFHE4q2Pccwi2nKuAl9OmbzNMxIFUt8cJZmw+CFmNDkwOccwi2nKuAl9OmbzNMFd:tFk4v0cwZHAa8jFUt8cJ/+7ND5dcwZHP
                                                                                                                                                                      MD5:E08AA8D1AEE941AF5E8340D12312F4DC
                                                                                                                                                                      SHA1:47DE5A60C5FC3A5226725D2E8C4B74C11722AFDC
                                                                                                                                                                      SHA-256:ED019D81387152570BBCA5DE704897DF06F5A2477F534AFF0682067E3976B98E
                                                                                                                                                                      SHA-512:036B88819567B88B1AF8E1CEC90B34A4F5929F5A94040F183B402F97C2CC55F29D364068E7A9E32EB83236F14338AD149F1F3D1C3D51BAC0F70B9D7BD221C552
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2024/12/24-10:14:12.922 22c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/24-10:14:12.923 22c4 Recovering log #3.2024/12/24-10:14:12.924 22c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):131072
                                                                                                                                                                      Entropy (8bit):0.01330908196861665
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:ImtV93zgg/oXlu3ElLv/llsU//tzDtSmlasJl9wWdHb5U/l:IiV98geu3Mr8UJcgIWdK/
                                                                                                                                                                      MD5:D01E4DF3703B53AE2AFDF91A7881AE11
                                                                                                                                                                      SHA1:EBFA8EED2B60A68055026D32DEB9B80F3A8CAB84
                                                                                                                                                                      SHA-256:9AEA2D4B77867EDEFAD0144B249D41213CE6A39D34C257FD4A7C3C8411966E5D
                                                                                                                                                                      SHA-512:0C755E3AFBACD18B796F5A664C62E4E90343E8A7728A8CFF668420E6241A879D4376358B2E6C1DC858C2087D8F3550F8CD442BE69493FF3174AD8BF55EC95FDF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:VLnk.....?.......V.D."..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                      Entropy (8bit):0.03771858876889238
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Gtl+t/lllZZOYYr04l+t/lllZZOYYrst0R9//blW/lvlfl:GtEtt/nYTEtt/nYo0R9Xm
                                                                                                                                                                      MD5:FF299210B8C5EFB12495FCAF199E906F
                                                                                                                                                                      SHA1:F43CE0CD98434B64CB3D8C47A718D1D315369E90
                                                                                                                                                                      SHA-256:18D4B93210B14EFDE2E8C42FBB8439107EC4B72875252A06E91AE4B9DD45BCFB
                                                                                                                                                                      SHA-512:54C4161B7382D2EFDF75E75C16997C55CFF4976CFF8C3FF782A5C7895083FE672701493827CF32D7DE10A9AC5FB2630E5D083AEF7C0636458B49F01A0714466D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..-........................|\5Q._...m=J.Zxg*|g...-........................|\5Q._...m=J.Zxg*|g.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12392
                                                                                                                                                                      Entropy (8bit):0.09290373101991575
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:OlH/lXcMWl7/ojMmyhlHXllTjoR7Xll7XcmM/Fll:KmMWl7gjMmkHrjoREj
                                                                                                                                                                      MD5:4873E08A9BA38AEFC65A607A5B9D57E7
                                                                                                                                                                      SHA1:493B20D4A930724F901529DB7332A1F5DD6D6CD2
                                                                                                                                                                      SHA-256:74150FD29A00A3DDDD754624C1F2E0CF7C52834EC50FB826DF4F400BBE13010D
                                                                                                                                                                      SHA-512:25A8523266DF59BF9248CE0B5B3E5107D5ED867E4E12E63188FE5CCA80974E215C8918DF5D6A39572D834487CC14A872975DFA82A70A737C16E37DBF77D92DCB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:7....-..........._...m=J.b...}........._...m=J.B@.WD..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-12-24.log

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (336), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3512
                                                                                                                                                                      Entropy (8bit):5.137411246734288
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:1kfQSSP+U2+os+oOnMxMFjEoIj1oKjUOYj/DWjCUzjRR4VjnTz:1kfY+U2+os+oOnMxM5Eom1owUOW/ICUM
                                                                                                                                                                      MD5:1F645446BBEB593FF3D143AA769DD145
                                                                                                                                                                      SHA1:9D88C8A6C7C65E2116F2004B67C8E1EDF607C498
                                                                                                                                                                      SHA-256:09B6D84C67B013A0F0F5A7217972FB1939E8E5660DFAD6AEA92F10B22D0D662E
                                                                                                                                                                      SHA-512:6E052833FC380B1DE7A6669E7D7F6ECE7E29FCF973996813F99D17BD349C84163EF8ED8D6BAD72B5051F9D0608DC809788BB83515AC446D17D5586F0FC02C702
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:20241224-101407.479: t=20d8: Info: app: Begin Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.304)..20241224-101407.494: t=20d8: Info: app: End Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.304)..20241224-101407.494: t=205c: Info: AppShell: End start (AppShell.cpp.musync::AppShell::startup.178)..20241224-101407.494: t=205c: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20241224-101407.494: t=205c: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20241224-101407.494: t=205c: Info: Cosylib: getEntityClient (CosyLibImpl.h.cosylib::CosyLibImpl::getEntityClient.166)..20241224-101407.494: t=205c: Info: ES::cosylib: EntityClientImpl::getRegisteredLoginInfo : (EntityClientImpl.cpp.cosylib::EntityClientImpl::getRegisteredLoginInfo.975)..20241224-101407.494: t=205c: Info: ES::cosylib: RequestHandle :

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241224151414Z-317.bmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):71190
                                                                                                                                                                      Entropy (8bit):1.2144840063009765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:/EbhKbe69rISaM5msPg5EJGmpYBJPi1J9Hi4H:/EbEe69rISaM5msPg5EJGmpY/q35H
                                                                                                                                                                      MD5:9C04696C6A6B44949F27D94D383A0E93
                                                                                                                                                                      SHA1:93C767BAE59E2F194403BEE55ECAF3169F0B2113
                                                                                                                                                                      SHA-256:D17EAB518EB992E1146EC161E9BE1A9CEC7591B335DB9DB09C38CB4391E0B172
                                                                                                                                                                      SHA-512:EF18C1CCDAB3DA7051C24EE1CF4149B2C5D7B2EC24FE675200CFA169D7C4518F93DEEC66608ED36656247F079C631FBB70566958A80B16216439F7F898AB80A4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\inprogress\download-18

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:PDF document, version 1.6 (zip deflate encoded)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):398592
                                                                                                                                                                      Entropy (8bit):7.923333662103532
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:hheIDBNOUuEnq5S6h+r4NyqupAtkABaNBHPKYtPknen9zgshLf51dBObpcZeHmmx:LeI1Lnq5Y4AAt7aBtPkneFgsd5DMJ
                                                                                                                                                                      MD5:1F5F4A34DDB54C2A73341E3A4031CDE1
                                                                                                                                                                      SHA1:0C37BFF2D5B0DD3AE55A087C4A37235AD33C3ED2
                                                                                                                                                                      SHA-256:1D123A5C3EE55F1156F583610D95B18BBF47659A5C0AEA42098A2CF2266FB602
                                                                                                                                                                      SHA-512:2D9EB21F5262274D095CF3628ED673477A0DE1641DF7B8F339BC25F4941A34611D71C0AC0F66E177A0E5DB1B9A861D9F32DC87FCD775EB3FB48351E635AFEC2E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PDF-1.6.%......18 0 obj.<</Linearized 1/L 398592/O 20/E 37338/N 1/T 398271/H [ 453 195]>>.endobj. ..23 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<B7B93126739A9448936B71978D01B3FC><9753B38B6B3D7D4FAB25DF9546D516F6>]/Index[18 13]/Info 17 0 R/Length 49/Prev 398272/Root 19 0 R/Size 31/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`...._@D/....EF.L....,..F...............endstream.endobj.startxref..0..%%EOF.. ..30 0 obj.<</B 108/Filter/FlateDecode/I 133/Length 99/O 69/S 38/V 85>>stream..h.b```f``....}q.....Y.8.8.......A...s.37....0...f...:i...`..L...1,..V........k.<...1.......`.R..6..endstream.endobj.19 0 obj.<</AcroForm 24 0 R/Legal<</Attestation(I have included this content to make the document more interactive)>>/Metadata 2 0 R/Names 25 0 R/Outlines 8 0 R/PageMode/UseAttachments/Pages 16 0 R/Perms<</DocMDP 21 0 R>>/Type/Catalog>>.endobj.20 0 obj.<</Annots 28 0 R/CropBox[0.0 0.0 612.0 792.0]/MediaBox[0.0 0.0 612.0 792.0]/Parent 16 0 R/Resources

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\inprogress\download-19

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:PDF document, version 1.6 (zip deflate encoded)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3955077
                                                                                                                                                                      Entropy (8bit):7.994057834494278
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:98304:8x6K9lAVcvusM9OaFWc2VsZuJHhl9mdC3i5eLqZ:8x6hVVb5Wc2eIXl9zLqZ
                                                                                                                                                                      MD5:9B03D106162AACB300A359DC05992151
                                                                                                                                                                      SHA1:060EE23A3145A57E784F7A913317A0457F7B140D
                                                                                                                                                                      SHA-256:FA493F9EC9B7D5109BF936526F407CE13423F3AC524A79C73E92A11908B759A9
                                                                                                                                                                      SHA-512:9005D48D7D116C9D8CF938208509A7147426916DEB63B9A4D44AAEDA3863911BC5520351F4AD3FCC36DC74E5E35DE90F5A1243130366D9D405599329534EBF1F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PDF-1.6.%......18 0 obj.<</Linearized 1/L 3955077/O 20/E 36618/N 1/T 3954758/H [ 454 195]>>.endobj. ..23 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<CDC988CBA9DCA0408A7B84D11E91181A><DCEC4DBBE2B5824C98FD12F5B4CB23EE>]/Index[18 11]/Info 17 0 R/Length 49/Prev 3954759/Root 19 0 R/Size 29/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`....M@...Ht....y.L...@b..H...............endstream.endobj.startxref..0..%%EOF.. ..28 0 obj.<</B 108/Filter/FlateDecode/I 133/Length 99/O 69/S 38/V 85>>stream..h.b```f``.`.........Y.8.8.......A...s#.r.......B3.h.......i..`...?.+c.b1....ww$..l.6..P.......2....endstream.endobj.19 0 obj.<</AcroForm 24 0 R/Metadata 2 0 R/Names 25 0 R/Outlines 8 0 R/Pages 16 0 R/Perms<</DocMDP 21 0 R>>/Type/Catalog>>.endobj.20 0 obj.<</Annots 26 0 R/CropBox[0.0 0.0 612.0 792.0]/MediaBox[0.0 0.0 612.0 792.0]/Parent 16 0 R/Resources<<>>/Rotate 0/Type/Page>>.endobj.21 0 obj.<</ByteRange[ 0 1044 35594 3919483]

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\inprogress\download-20

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:PDF document, version 1.6 (zip deflate encoded)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):398592
                                                                                                                                                                      Entropy (8bit):7.923333662103532
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:hheIDBNOUuEnq5S6h+r4NyqupAtkABaNBHPKYtPknen9zgshLf51dBObpcZeHmmx:LeI1Lnq5Y4AAt7aBtPkneFgsd5DMJ
                                                                                                                                                                      MD5:1F5F4A34DDB54C2A73341E3A4031CDE1
                                                                                                                                                                      SHA1:0C37BFF2D5B0DD3AE55A087C4A37235AD33C3ED2
                                                                                                                                                                      SHA-256:1D123A5C3EE55F1156F583610D95B18BBF47659A5C0AEA42098A2CF2266FB602
                                                                                                                                                                      SHA-512:2D9EB21F5262274D095CF3628ED673477A0DE1641DF7B8F339BC25F4941A34611D71C0AC0F66E177A0E5DB1B9A861D9F32DC87FCD775EB3FB48351E635AFEC2E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PDF-1.6.%......18 0 obj.<</Linearized 1/L 398592/O 20/E 37338/N 1/T 398271/H [ 453 195]>>.endobj. ..23 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<B7B93126739A9448936B71978D01B3FC><9753B38B6B3D7D4FAB25DF9546D516F6>]/Index[18 13]/Info 17 0 R/Length 49/Prev 398272/Root 19 0 R/Size 31/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`...._@D/....EF.L....,..F...............endstream.endobj.startxref..0..%%EOF.. ..30 0 obj.<</B 108/Filter/FlateDecode/I 133/Length 99/O 69/S 38/V 85>>stream..h.b```f``....}q.....Y.8.8.......A...s.37....0...f...:i...`..L...1,..V........k.<...1.......`.R..6..endstream.endobj.19 0 obj.<</AcroForm 24 0 R/Legal<</Attestation(I have included this content to make the document more interactive)>>/Metadata 2 0 R/Names 25 0 R/Outlines 8 0 R/PageMode/UseAttachments/Pages 16 0 R/Perms<</DocMDP 21 0 R>>/Type/Catalog>>.endobj.20 0 obj.<</Annots 28 0 R/CropBox[0.0 0.0 612.0 792.0]/MediaBox[0.0 0.0 612.0 792.0]/Parent 16 0 R/Resources

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\inprogress\download-21

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:PDF document, version 1.6 (zip deflate encoded)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3955077
                                                                                                                                                                      Entropy (8bit):7.994057834494278
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:98304:8x6K9lAVcvusM9OaFWc2VsZuJHhl9mdC3i5eLqZ:8x6hVVb5Wc2eIXl9zLqZ
                                                                                                                                                                      MD5:9B03D106162AACB300A359DC05992151
                                                                                                                                                                      SHA1:060EE23A3145A57E784F7A913317A0457F7B140D
                                                                                                                                                                      SHA-256:FA493F9EC9B7D5109BF936526F407CE13423F3AC524A79C73E92A11908B759A9
                                                                                                                                                                      SHA-512:9005D48D7D116C9D8CF938208509A7147426916DEB63B9A4D44AAEDA3863911BC5520351F4AD3FCC36DC74E5E35DE90F5A1243130366D9D405599329534EBF1F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PDF-1.6.%......18 0 obj.<</Linearized 1/L 3955077/O 20/E 36618/N 1/T 3954758/H [ 454 195]>>.endobj. ..23 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<CDC988CBA9DCA0408A7B84D11E91181A><DCEC4DBBE2B5824C98FD12F5B4CB23EE>]/Index[18 11]/Info 17 0 R/Length 49/Prev 3954759/Root 19 0 R/Size 29/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`....M@...Ht....y.L...@b..H...............endstream.endobj.startxref..0..%%EOF.. ..28 0 obj.<</B 108/Filter/FlateDecode/I 133/Length 99/O 69/S 38/V 85>>stream..h.b```f``.`.........Y.8.8.......A...s#.r.......B3.h.......i..`...?.+c.b1....ww$..l.6..P.......2....endstream.endobj.19 0 obj.<</AcroForm 24 0 R/Metadata 2 0 R/Names 25 0 R/Outlines 8 0 R/Pages 16 0 R/Perms<</DocMDP 21 0 R>>/Type/Catalog>>.endobj.20 0 obj.<</Annots 26 0 R/CropBox[0.0 0.0 612.0 792.0]/MediaBox[0.0 0.0 612.0 792.0]/Parent 16 0 R/Resources<<>>/Rotate 0/Type/Page>>.endobj.21 0 obj.<</ByteRange[ 0 1044 35594 3919483]

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 70, database pages 23, cookie 0x11, schema 4, UTF-8, version-valid-for 70
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):94208
                                                                                                                                                                      Entropy (8bit):1.5673610800689062
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:uoGsTzoU2fCCaUxm72i6xvXWGJffmoGsTzoU2fCCaUxLLZWLGjZIPj5YAxNoGsTd:0xC/2DxvWGVfMxCJN
                                                                                                                                                                      MD5:42644F9D23EC6E2DFE39F5DA658DF001
                                                                                                                                                                      SHA1:22C34B29569C3C797FB8E64C158CB15B0830C21B
                                                                                                                                                                      SHA-256:1B5E0301E3E6D73D130D7E31BA580FA2E062C40D02CDEC09B716B6F8CB325D63
                                                                                                                                                                      SHA-512:FC8629BA8C7FDD78700D14CE85BF42B8C4564D842072063EDDBE9A0CA77F0D0C0864A6A312608C8C378E1EF2726F49DEDB154B37C813328AF583B4F2EA63A2C6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:SQLite format 3......@ ...F...................................................................F..c......................>...;.....k...r..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z...-%.qindexdependencies_diddependencies.CREATE INDEX dependencies_did on dependencies(did)n...5%...indexdependencies_rid_diddependencies.CREATE UNIQUE INDEX dependencies_rid_did on dependencies(rid,did)Z...-%.qindexdependencies_riddependencies.CREATE INDEX dependencies_rid on dependencies(rid).....%%..wtabledependencie

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:SQLite Rollback Journal
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):37448
                                                                                                                                                                      Entropy (8bit):2.173937432855597
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:7hk5i6xvlmFb9JYFiWWr6c6YFiWi/8i8MyEgrFMMDuoLxe1rq2jy9Mjpo5kqU8TK:7si6xvlmF4NloGsTzoU2fCCaUxmQ
                                                                                                                                                                      MD5:0CE562829622AE938F56664353EEE41C
                                                                                                                                                                      SHA1:1E5084874658C014D618F30CD382AA6CA6A7BAAD
                                                                                                                                                                      SHA-256:E736CA7DC86BD32D4E00E376826C508CFDF64F5E4DB35B9676E288E9C23FA12B
                                                                                                                                                                      SHA-512:BAF596A8F006BCC0B5DD3185F52E5FE96B60845CE4EBABB3082BEC2C558E5D07CD6E77BC5664BA4249B986929A0273770D2A0F6EE7EF2435A297D025ADD936D0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.... .c.....41\........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................x.K.............a.?..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18 (copy)

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:PDF document, version 1.6 (zip deflate encoded)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):398592
                                                                                                                                                                      Entropy (8bit):7.923333662103532
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:hheIDBNOUuEnq5S6h+r4NyqupAtkABaNBHPKYtPknen9zgshLf51dBObpcZeHmmx:LeI1Lnq5Y4AAt7aBtPkneFgsd5DMJ
                                                                                                                                                                      MD5:1F5F4A34DDB54C2A73341E3A4031CDE1
                                                                                                                                                                      SHA1:0C37BFF2D5B0DD3AE55A087C4A37235AD33C3ED2
                                                                                                                                                                      SHA-256:1D123A5C3EE55F1156F583610D95B18BBF47659A5C0AEA42098A2CF2266FB602
                                                                                                                                                                      SHA-512:2D9EB21F5262274D095CF3628ED673477A0DE1641DF7B8F339BC25F4941A34611D71C0AC0F66E177A0E5DB1B9A861D9F32DC87FCD775EB3FB48351E635AFEC2E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PDF-1.6.%......18 0 obj.<</Linearized 1/L 398592/O 20/E 37338/N 1/T 398271/H [ 453 195]>>.endobj. ..23 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<B7B93126739A9448936B71978D01B3FC><9753B38B6B3D7D4FAB25DF9546D516F6>]/Index[18 13]/Info 17 0 R/Length 49/Prev 398272/Root 19 0 R/Size 31/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`...._@D/....EF.L....,..F...............endstream.endobj.startxref..0..%%EOF.. ..30 0 obj.<</B 108/Filter/FlateDecode/I 133/Length 99/O 69/S 38/V 85>>stream..h.b```f``....}q.....Y.8.8.......A...s.37....0...f...:i...`..L...1,..V........k.<...1.......`.R..6..endstream.endobj.19 0 obj.<</AcroForm 24 0 R/Legal<</Attestation(I have included this content to make the document more interactive)>>/Metadata 2 0 R/Names 25 0 R/Outlines 8 0 R/PageMode/UseAttachments/Pages 16 0 R/Perms<</DocMDP 21 0 R>>/Type/Catalog>>.endobj.20 0 obj.<</Annots 28 0 R/CropBox[0.0 0.0 612.0 792.0]/MediaBox[0.0 0.0 612.0 792.0]/Parent 16 0 R/Resources

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-19 (copy)

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:PDF document, version 1.6 (zip deflate encoded)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3955077
                                                                                                                                                                      Entropy (8bit):7.994057834494278
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:98304:8x6K9lAVcvusM9OaFWc2VsZuJHhl9mdC3i5eLqZ:8x6hVVb5Wc2eIXl9zLqZ
                                                                                                                                                                      MD5:9B03D106162AACB300A359DC05992151
                                                                                                                                                                      SHA1:060EE23A3145A57E784F7A913317A0457F7B140D
                                                                                                                                                                      SHA-256:FA493F9EC9B7D5109BF936526F407CE13423F3AC524A79C73E92A11908B759A9
                                                                                                                                                                      SHA-512:9005D48D7D116C9D8CF938208509A7147426916DEB63B9A4D44AAEDA3863911BC5520351F4AD3FCC36DC74E5E35DE90F5A1243130366D9D405599329534EBF1F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PDF-1.6.%......18 0 obj.<</Linearized 1/L 3955077/O 20/E 36618/N 1/T 3954758/H [ 454 195]>>.endobj. ..23 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<CDC988CBA9DCA0408A7B84D11E91181A><DCEC4DBBE2B5824C98FD12F5B4CB23EE>]/Index[18 11]/Info 17 0 R/Length 49/Prev 3954759/Root 19 0 R/Size 29/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`....M@...Ht....y.L...@b..H...............endstream.endobj.startxref..0..%%EOF.. ..28 0 obj.<</B 108/Filter/FlateDecode/I 133/Length 99/O 69/S 38/V 85>>stream..h.b```f``.`.........Y.8.8.......A...s#.r.......B3.h.......i..`...?.+c.b1....ww$..l.6..P.......2....endstream.endobj.19 0 obj.<</AcroForm 24 0 R/Metadata 2 0 R/Names 25 0 R/Outlines 8 0 R/Pages 16 0 R/Perms<</DocMDP 21 0 R>>/Type/Catalog>>.endobj.20 0 obj.<</Annots 26 0 R/CropBox[0.0 0.0 612.0 792.0]/MediaBox[0.0 0.0 612.0 792.0]/Parent 16 0 R/Resources<<>>/Rotate 0/Type/Page>>.endobj.21 0 obj.<</ByteRange[ 0 1044 35594 3919483]

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-20 (copy)

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:PDF document, version 1.6 (zip deflate encoded)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):398592
                                                                                                                                                                      Entropy (8bit):7.923333662103532
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:hheIDBNOUuEnq5S6h+r4NyqupAtkABaNBHPKYtPknen9zgshLf51dBObpcZeHmmx:LeI1Lnq5Y4AAt7aBtPkneFgsd5DMJ
                                                                                                                                                                      MD5:1F5F4A34DDB54C2A73341E3A4031CDE1
                                                                                                                                                                      SHA1:0C37BFF2D5B0DD3AE55A087C4A37235AD33C3ED2
                                                                                                                                                                      SHA-256:1D123A5C3EE55F1156F583610D95B18BBF47659A5C0AEA42098A2CF2266FB602
                                                                                                                                                                      SHA-512:2D9EB21F5262274D095CF3628ED673477A0DE1641DF7B8F339BC25F4941A34611D71C0AC0F66E177A0E5DB1B9A861D9F32DC87FCD775EB3FB48351E635AFEC2E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PDF-1.6.%......18 0 obj.<</Linearized 1/L 398592/O 20/E 37338/N 1/T 398271/H [ 453 195]>>.endobj. ..23 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<B7B93126739A9448936B71978D01B3FC><9753B38B6B3D7D4FAB25DF9546D516F6>]/Index[18 13]/Info 17 0 R/Length 49/Prev 398272/Root 19 0 R/Size 31/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`...._@D/....EF.L....,..F...............endstream.endobj.startxref..0..%%EOF.. ..30 0 obj.<</B 108/Filter/FlateDecode/I 133/Length 99/O 69/S 38/V 85>>stream..h.b```f``....}q.....Y.8.8.......A...s.37....0...f...:i...`..L...1,..V........k.<...1.......`.R..6..endstream.endobj.19 0 obj.<</AcroForm 24 0 R/Legal<</Attestation(I have included this content to make the document more interactive)>>/Metadata 2 0 R/Names 25 0 R/Outlines 8 0 R/PageMode/UseAttachments/Pages 16 0 R/Perms<</DocMDP 21 0 R>>/Type/Catalog>>.endobj.20 0 obj.<</Annots 28 0 R/CropBox[0.0 0.0 612.0 792.0]/MediaBox[0.0 0.0 612.0 792.0]/Parent 16 0 R/Resources

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-21 (copy)

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      File Type:PDF document, version 1.6 (zip deflate encoded)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3955077
                                                                                                                                                                      Entropy (8bit):7.994057834494278
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:98304:8x6K9lAVcvusM9OaFWc2VsZuJHhl9mdC3i5eLqZ:8x6hVVb5Wc2eIXl9zLqZ
                                                                                                                                                                      MD5:9B03D106162AACB300A359DC05992151
                                                                                                                                                                      SHA1:060EE23A3145A57E784F7A913317A0457F7B140D
                                                                                                                                                                      SHA-256:FA493F9EC9B7D5109BF936526F407CE13423F3AC524A79C73E92A11908B759A9
                                                                                                                                                                      SHA-512:9005D48D7D116C9D8CF938208509A7147426916DEB63B9A4D44AAEDA3863911BC5520351F4AD3FCC36DC74E5E35DE90F5A1243130366D9D405599329534EBF1F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PDF-1.6.%......18 0 obj.<</Linearized 1/L 3955077/O 20/E 36618/N 1/T 3954758/H [ 454 195]>>.endobj. ..23 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<CDC988CBA9DCA0408A7B84D11E91181A><DCEC4DBBE2B5824C98FD12F5B4CB23EE>]/Index[18 11]/Info 17 0 R/Length 49/Prev 3954759/Root 19 0 R/Size 29/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`....M@...Ht....y.L...@b..H...............endstream.endobj.startxref..0..%%EOF.. ..28 0 obj.<</B 108/Filter/FlateDecode/I 133/Length 99/O 69/S 38/V 85>>stream..h.b```f``.`.........Y.8.8.......A...s#.r.......B3.h.......i..`...?.+c.b1....ww$..l.6..P.......2....endstream.endobj.19 0 obj.<</AcroForm 24 0 R/Metadata 2 0 R/Names 25 0 R/Outlines 8 0 R/Pages 16 0 R/Perms<</DocMDP 21 0 R>>/Type/Catalog>>.endobj.20 0 obj.<</Annots 26 0 R/CropBox[0.0 0.0 612.0 792.0]/MediaBox[0.0 0.0 612.0 792.0]/Parent 16 0 R/Resources<<>>/Rotate 0/Type/Page>>.endobj.21 0 obj.<</ByteRange[ 0 1044 35594 3919483]

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):295
                                                                                                                                                                      Entropy (8bit):5.349268138462658
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJM3g98kUwPeUkwRe9:YvXKXz9PcPuvhjVGMbLUkee9
                                                                                                                                                                      MD5:BF7A80684DEE76C50C69C8E0D0F44274
                                                                                                                                                                      SHA1:FF5C8A5FD21EEF4BF571FF63F037B8987D662F6F
                                                                                                                                                                      SHA-256:A3D7A802A923BB221CA6D09251CFD1DD517B16C92B7B0D07ACF77D619F34B89B
                                                                                                                                                                      SHA-512:3E531EB809A91A0C62AEC877014DBBE5DD0633E77444BD981FF2E95A760414CA35D3DFB8459A423D5E01F782B7104A945E3285267ABF3620F367FBCB58A96440
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Acrobat_Notification_Surface

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):295
                                                                                                                                                                      Entropy (8bit):5.22685078998203
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJfNpc2VpnrPeUkwRe9:YvXKXz9PcPuvhjVG5cUkee9
                                                                                                                                                                      MD5:EA1F8202625CFAB5703E9F28A4A8CF21
                                                                                                                                                                      SHA1:5DB4B6CB76B1D4C5A200273E0DB686BD82147EEA
                                                                                                                                                                      SHA-256:0951C755485CAB2E2C027FB51E8E84F3226761300F37C069A2023516FDAE7A23
                                                                                                                                                                      SHA-512:4BD3DC77E2F375B160594757A59D5B63ED8A30553956E6FB009BCDE7403A6DF19D8D3A59F6A42FEA23CB979B287DA6AC448E783E27A1ECD7A29DFC06F4196A67
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Acrobat_Notification_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):294
                                                                                                                                                                      Entropy (8bit):5.288901918186534
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJfBoTfXpnrPeUkwRe9:YvXKXz9PcPuvhjVGWTfXcUkee9
                                                                                                                                                                      MD5:21622ACFF0122B851F2702CDCAFB08A8
                                                                                                                                                                      SHA1:87674D26A3AF0087A9A2DC00C994FB4B367B6DB2
                                                                                                                                                                      SHA-256:26FE636E8CCAFC19C49CA3A344CED2CB8F5CC10E1848E096E135796BFFA9D393
                                                                                                                                                                      SHA-512:6ADB99BFFC7F766B2DDF626AFABD98FA8FDCB9BA8803567DEF2A37A900DD3C187EE48A3A7195DF616A1BC8750A834DC155CA66DF5EA7A258D76991E5D40D5A7F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):294
                                                                                                                                                                      Entropy (8bit):5.268099666155738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJfBD2G6UpnrPeUkwRe9:YvXKXz9PcPuvhjVGR22cUkee9
                                                                                                                                                                      MD5:2436110C5D2F05845CF468F7EFE01E97
                                                                                                                                                                      SHA1:4F7F7E5E6325C3CDB63B7BFBA4EE32C3B318F141
                                                                                                                                                                      SHA-256:20EFF5F18B04E57F3E9691B6E91B581CC50EABA5F4ACE63C11DEBE60691B8E18
                                                                                                                                                                      SHA-512:B964585726C880D7760D229F1F0B9096CC12FFD44154DD0335F81E2B069CB57F4F02EE17958D870F7883CB758ED06CFDA091CE945A881A3DDBFA8618B2742BAA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):285
                                                                                                                                                                      Entropy (8bit):5.314821500767445
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJfPmwrPeUkwRe9:YvXKXz9PcPuvhjVGH56Ukee9
                                                                                                                                                                      MD5:FCCCF5E918AEFAD97F7A06BAC010BEA5
                                                                                                                                                                      SHA1:D3A07E7648CC3119A2EE81657753CC4B50C2BD36
                                                                                                                                                                      SHA-256:80373C145DF7996A326894C6C5BE9901C683218BE5FD8EE13B9932DD34A16951
                                                                                                                                                                      SHA-512:C9C1F343F10ADD0D2AA3628557A59D5D1B61DDCCE06CBEF80117B98BD4257414567294C824830FFFA30A8042BF4441A192413C4F04AC26E8DD81413E02ACF927
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1123
                                                                                                                                                                      Entropy (8bit):5.686641721269486
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Yv6Xt5EpLgE9cQx8LennAvzBvkn0RCmK8czOCCSNj:Yvaqhgy6SAFv5Ah8cv/Nj
                                                                                                                                                                      MD5:DAA366848D89489CE9FD42BD9B6DD117
                                                                                                                                                                      SHA1:101FFF340D86F229A8E48D0FE8B2497EADD2D6FC
                                                                                                                                                                      SHA-256:A3A292405DE596C07247CFD121CFCC0354774D6AE0B6DBD1AD2BC8F83EADCA43
                                                                                                                                                                      SHA-512:DF58889D2EFE33F32101C328F728780FFA29C18BCFF4A03BB0C99AA59C4427C01C12DB34F2D40AE9300B32042E3B4B92259D7B59FEA12D90965D654CFA392816
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):289
                                                                                                                                                                      Entropy (8bit):5.276481801630329
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJf8dPeUkwRe9:YvXKXz9PcPuvhjVGU8Ukee9
                                                                                                                                                                      MD5:CB841C363BCFAE89CE5C8FF2F5034AF9
                                                                                                                                                                      SHA1:9FDC18D7AB8F0FB1A195E2084A8DFCBF2C16EC0A
                                                                                                                                                                      SHA-256:2475AA832D9BF62425514AAB949AC1AC92BBB69A911C12FD08B29CA3873CC701
                                                                                                                                                                      SHA-512:4CFCEC48AC466DF608CD5D8E9FF380BAA9CACD07B006705FF90003727B0DC6B57103FC469F75EA1FD69EB7231125616ECE709FCB837D6837EA45C34D4AF0DC2E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):292
                                                                                                                                                                      Entropy (8bit):5.2696258044583395
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJfQ1rPeUkwRe9:YvXKXz9PcPuvhjVGY16Ukee9
                                                                                                                                                                      MD5:533E8E9D8C4E7EFC0787CDDEA32A5DFD
                                                                                                                                                                      SHA1:0C06EEB79AADE76B4C6FF64F870319F6680DC59A
                                                                                                                                                                      SHA-256:243B7D626D68E41D1D17CE898BC4F65B7C0D4BD3123C19BC55732D97E59D0C86
                                                                                                                                                                      SHA-512:1A721DA7CC3D9E412348D2F533427D95A3BC929138A999F3CF76B0FD25349F3C51DFBBA3BBA03149C469DD62FBFCC0FAB65E8E5E355A89CEDABB4B119F3A7DF0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):289
                                                                                                                                                                      Entropy (8bit):5.282317159271306
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJfFldPeUkwRe9:YvXKXz9PcPuvhjVGz8Ukee9
                                                                                                                                                                      MD5:04FA9C14D4DF93796B4D6A4B040A43A7
                                                                                                                                                                      SHA1:47B4082F0CF17D5103154A92ED471268EB0ADF51
                                                                                                                                                                      SHA-256:97F0EBB28B92BF9FFC26C4B6785F61B2A1BDFAEFCC207383DDFFE192BA11B588
                                                                                                                                                                      SHA-512:690C62E0E749E9FBC1FEDB189276CA362A28C252D5B20B5AE362D0831161DA5968C40CD30A31557DC98E3DDAE5B54195B89241654AA178A96A6B0DDBDE1E0F72
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):295
                                                                                                                                                                      Entropy (8bit):5.300024762662517
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJfzdPeUkwRe9:YvXKXz9PcPuvhjVGb8Ukee9
                                                                                                                                                                      MD5:B82CD40267893748B5F0002F05FFA74F
                                                                                                                                                                      SHA1:04063A09CB99DB159C27EF848F91D655CC515267
                                                                                                                                                                      SHA-256:032F82DD82CA55A21371D6E353898CA2B35B6AFD4D05A8FF98B0F5786B9B36C9
                                                                                                                                                                      SHA-512:40FAF71C9385286BED2DDC0849B90A5F62E2BB950B87E26421B4B11B7A5FAF6809D58791F9A6FFF9051C378E6322CC32F97636A4B0848B1F7F5D945D68E210E4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):289
                                                                                                                                                                      Entropy (8bit):5.281294854423831
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJfYdPeUkwRe9:YvXKXz9PcPuvhjVGg8Ukee9
                                                                                                                                                                      MD5:700DE24F71B2F95533C51FC8DC1ED286
                                                                                                                                                                      SHA1:61D7E5FDD0AF3CA916BC114AD3ECCC0E5EBCE990
                                                                                                                                                                      SHA-256:52391874A37214D9B043EDA385BD895D6261BBF10101644D41B132A4482A4D8A
                                                                                                                                                                      SHA-512:9293AF7B54A8F196FD8E54EB6C608439CB75EAA810A841476AA7B80C1C84AF53B1461046BDB0C34B1FFA2A60E295F110DEC6A24A2DA0062D40601276D1E5B894
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):284
                                                                                                                                                                      Entropy (8bit):5.267015911303462
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJf+dPeUkwRe9:YvXKXz9PcPuvhjVG28Ukee9
                                                                                                                                                                      MD5:E18A57EE24C6963D218506D39132D97D
                                                                                                                                                                      SHA1:0574D01CB7D6DE1772AC732D52ECD723A20BE9BB
                                                                                                                                                                      SHA-256:D5FA03E05D31B6F5D206830484B2761FB503A227DDADCF62DD25CA5F33F2F3B4
                                                                                                                                                                      SHA-512:80B804CB2B6EF4CF55F68D2F0EB55B49C2DBA764B8534047E6D9E160A2DCC7EDF903AF11E89F0A9E186999FEB670B323177DCE0FFB88092A3288C8B18BD2856B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):291
                                                                                                                                                                      Entropy (8bit):5.264970509799249
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJfbPtdPeUkwRe9:YvXKXz9PcPuvhjVGDV8Ukee9
                                                                                                                                                                      MD5:7D60A3D7855D4A8A8205A9CF68F89F94
                                                                                                                                                                      SHA1:4F1FEB184C4382803CBF38B0B6760721811B8B5C
                                                                                                                                                                      SHA-256:1B7B0B444CBADDE3E0C180032AF36826D8EBF65EB81F27D8D8160936DF809676
                                                                                                                                                                      SHA-512:4423E840F5660441BBE7AE4AE8DE5E68FF25B81FD912DF685ED91F41F96E9F14E81E1890FD57F90542F57CE60D78A287B31480AD8424FD43CD749D028BEF3E5B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):287
                                                                                                                                                                      Entropy (8bit):5.257877324294066
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJf21rPeUkwRe9:YvXKXz9PcPuvhjVG+16Ukee9
                                                                                                                                                                      MD5:21C989CFCE90676681D229C2A8CE843B
                                                                                                                                                                      SHA1:883767E43C6BBA71A44A7A1CE9FD8FB63A8A8ABC
                                                                                                                                                                      SHA-256:137BD7A9ABB6BE9C1D4D72F9DF0A32EF49B4BB065847907DC3CF8F41E07ADE40
                                                                                                                                                                      SHA-512:4FB48A965E275C78971DFE6D6F5A8AA671225B0D89EEEFAFCF2BED629132319568B3B61C7C4C78F4C6E35F95805F5ED061605CF646631F50D3AE7DF6FDCD89BD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1090
                                                                                                                                                                      Entropy (8bit):5.663559893446116
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Yv6Xt5gamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSNj:Yva4BgkDMUJUAh8cvMNj
                                                                                                                                                                      MD5:DB320B97FB4E8991B2F84F13C6048D91
                                                                                                                                                                      SHA1:A5238EF1A809E615069AF46961D824CAB7D1A329
                                                                                                                                                                      SHA-256:67E6D3297DB60BD323F47A8A788050CD9147DDF2AF5FDAE74E0AC9E0ABC480B3
                                                                                                                                                                      SHA-512:9036F1DDFC11BA451942A42631875EC60E6FD986F01EFFA33BE937F36F34325FC6FDEECB5E269634885D8F86EDDE919ED356EE5B815FF325268F411A3A875791
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4647
                                                                                                                                                                      Entropy (8bit):5.800935799844622
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:GaKgFGzavDLsr+EsDaQhsDXDCwsDcMJCsDP0KaKO05CM3DTW:/FvLsrzsDnhsDXD7sDHCsDP0B0N3DTW
                                                                                                                                                                      MD5:136D7B689CB3AC1F705F2071B53E18A2
                                                                                                                                                                      SHA1:BCDBE6808747CE584B100494885851799FEDBC94
                                                                                                                                                                      SHA-256:71F9339EA499CE90D5D8F24A6B142F236D212ADFBB0EF2E22314C7680C14ACD7
                                                                                                                                                                      SHA-512:E244DBC8ACEF675F22BC1798C1ABD50A356595771BEF8DFDDA10576290AE3B64A6D5EB7A38BD67EF7E118DC960FD6431918516C071505750607A6B4CA592B50B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Upsell_Cards"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93813_290796ActionBlock_0","campaignId":93813,"containerId":"1","controlGroupId":"","treatmentId":"0be09e78-bbb0-4ac9-b112-1bb22b5f1b4b","variationId":"290796"},"containerId":1,"containerLabel":"JSON for DC Reader Upsell Cards","content":{"data":"eyJSZWRhY3RQREYiOnsiZGF0YVR5cGUiOiJ1cmwiLCJkYXRhIjp7ImxpZ2h0IjoiaHR0cHM6Ly9vZGluLmFkb2JlLmNvbS9jb250ZW50L2RhbS9hY3JvYmF0ZGVza3RvcC9jdnMvZ3Jvd3RoL3JlYWRlci9yZ3MwMzU5L3YyL2luZGV4Lmh0bWw\/ZXhwZXJpZW5jZT1yZWRhY3R8ZW58MXxsaWdodHxyZWFkZXJ8VVMiLCJkYXJrIjoiaHR0cHM6Ly9vZGluLmFkb2JlLmNvbS9jb250ZW50L2RhbS9hY3JvYmF0ZGVza3RvcC9jdnMvZ3Jvd3RoL3JlYWRlci9yZ3MwMzU5L3YyL2luZGV4Lmh0bWw\/ZXhwZXJpZW5jZT1y

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):282
                                                                                                                                                                      Entropy (8bit):5.243568255075147
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YEQXJ2HXjPkyPEOmPuvLF0YeS2ieoAvJTqgFCrPeUkwRe9:YvXKXz9PcPuvhjVGTq16Ukee9
                                                                                                                                                                      MD5:E2D23A0147B39E999D157FF355EDDD5F
                                                                                                                                                                      SHA1:A1B01720E96E80A6824B18FE49E6A2E951D691D2
                                                                                                                                                                      SHA-256:4C0FE7A4C9307951B1E7C5C52A0DFA59483FE0D1CAE460ACA654CE077DE574D4
                                                                                                                                                                      SHA-512:C3790550C0FED95B974ED055441DD9E161D6936BBD0D4393BC4AFA1EBCC7BAC9842323124EFA3DE2805591765D85E2FBC2FA1210892D61F7382CFF82C1312075
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"analyticsData":{"responseGUID":"3a406405-38af-426a-a1b7-8ad1a8e22d63","sophiaUUID":"EC75C70C-C593-4807-92E9-A6C23785378E"},"encodingScheme":true,"expirationDTS":1735144971658,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                      Entropy (8bit):0.8112781244591328
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:e:e
                                                                                                                                                                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                                                                                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                                                                                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                                                                                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....

                                                                                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2993
                                                                                                                                                                      Entropy (8bit):5.132951144054023
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Y8ir5aM4ayDYEyx81ETTqhCF1IBqkL/Rrjipmsj0Ss2HpQ2LSbCdir5NhXGpb97Q:Ye1eKKSBjBD+wmqB7r9X2b97/Mx
                                                                                                                                                                      MD5:BE2EE9FA9EC85E1DC8CFF70B4221F2B1
                                                                                                                                                                      SHA1:1FD5E8E914D1EC624905B0B26BC8454F2AB0C792
                                                                                                                                                                      SHA-256:CBDDDA1A8CC800DC800F6F95A781BFC817365C3D31E39337E627F578688AB868
                                                                                                                                                                      SHA-512:83F04883FC4FCCCFC79F961B01AE86008E86F624CA157F0FC5A4C3D0D59BB669FAA74A5456D3806BCEAAE27447135C2F9EF7222F45F48A722A9474D1ED93B33D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e9e6552bfa6bd1fb412ffca4c59dc9e9","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1735053277000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"574a5467cf012e8fa54159e2001512e8","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1735053277000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"e0b5dfcfc2413b0f5a1afe003a91ba0a","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1735053277000},{"id":"DC_Reader_Upsell_Cards","info":{"dg":"0d8bece2ebe97a0c99c40c69c2dc5649","sid":"DC_Reader_Upsell_Cards"},"mimeType":"file","size":4647,"ts":1735053277000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"2293cf39aad8cc6b8274179b5d068ff2","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":289,"ts":1735053277000},{"id":"DC_Acrobat_Notification_Surface","info":{"dg":"3571c97156cb981ccfe85e7c423e7ef4","sid":"DC_Acrobat_Notification_Surface"},"mimeType":"file","size":295,"

                                                                                                                                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 42, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 42
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):2.04082093243064
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Tll2GL7msohVAeAb3AWAJ7PA0AE6PRA3AYAK4B6AwiAAAaACZyAyGUAZatiOMf9v:fVmsoEFUd1IXYwT74bpm9Uj0T
                                                                                                                                                                      MD5:65552E0E091974F49E5E92716036630A
                                                                                                                                                                      SHA1:43B853C3E7F94A329DCADFAEAC68CBB340BD8823
                                                                                                                                                                      SHA-256:7F5290CABDF93230AB55BD4FD4F4AEFA6E344CD8DF56F77BCFABB1BB95E5545C
                                                                                                                                                                      SHA-512:0643D4C7F4D325917DBB2978F7C4710AE41B7DB4C7B19958026162137A7B4E965D465E615C112EBECB856E9E4F9453FFC800D472BC80CA527AAC35A5C55F588A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:SQLite format 3......@ ...*...................................................................*..c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:SQLite Rollback Journal
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8720
                                                                                                                                                                      Entropy (8bit):2.6665912584685603
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:7MFuAb3AWAJ7PA0AE6PRA3AYAK4B6AwiAAAaACZyAyGUAZatiOMf9NAjVCIGqWc8:7G1Ud1IXYwT74bpm9Uj0freVmsQ
                                                                                                                                                                      MD5:ABBBFD380D64413B46537EA89749FDC6
                                                                                                                                                                      SHA1:CD31415EB51D37F0536CDA8F111F7E57BD9B0F6A
                                                                                                                                                                      SHA-256:AFD2E715B8BE3781EF5E394CA6D2AECC0C1EF4F242FA774A914E277D3E90CF88
                                                                                                                                                                      SHA-512:64A4EF01AEFA7F9F1F2667EFB946B331AD197881947820C54E18893F9567D173C266E741ACE58B22F02319C04FE0250CD1284033CD09AA7F784CAF7C22453114
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.... .c................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. .[........8.....n.2...P.......W.......M.....|.?.....S.......;.....[............................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):63336
                                                                                                                                                                      Entropy (8bit):5.39842223089392
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:nOpjlrUlTZ44ADKemgHtqB+XYlf1owNJtzz+0mLcNYyu:yalTZ44ADZHtq8XYlSwhoaK
                                                                                                                                                                      MD5:DB5C038B5C8F16BF7B3905E5042C5BAB
                                                                                                                                                                      SHA1:3CB7E90F209B98E4DC97C53D62487B49E6A51B3C
                                                                                                                                                                      SHA-256:96E7BC40ACF705D4E51347596134E41836E211F78EB4E057BD33500246DDB801
                                                                                                                                                                      SHA-512:F09B228C5329C3DE43B4C5F0E5DE619C591E10F1EC39AC1CF91B3920D6B18361A70DC27D5551B9265D419BF36C22667DFD2823994A24626DCD99D4DC12AA9F31
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:4.375.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2OIDBQCM\NkZDM0E3NTgzM0NEQ0M4M0I5NkY2RDYzRUZERjhCMUQ[1].cer

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:Certificate, Version=3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1474
                                                                                                                                                                      Entropy (8bit):7.596888399785862
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UAZ/2W8ZZ/2SdX6NI9mrhJdx1mOhArrVSJPWenYGJCdf06YIb04SG2MJDh/fTZgt:UsO3nOSSNjrhAHEKGSnA4DHgt
                                                                                                                                                                      MD5:6FC3A75833CDCC83B96F6D63EFDF8B1D
                                                                                                                                                                      SHA1:906CC149415780CFB79F39E1CF449F87CA6D4D16
                                                                                                                                                                      SHA-256:28BC2356366BA59A498573A93284E67BC751D6FB618A7C8BA7A5D57C2E99AFD1
                                                                                                                                                                      SHA-512:0FA1DA55082F440616D073C240756C65A0062E2634163B801F6E549FAEAFAAA660FBC5F29DC37F4AA5FA2009D6CC42B7A2D0EF14DB212E911A0460B4507B8A99
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:0...0..........&..a0...*.H........0..1.0...U....US1.0...U....California1.0...U....San Jose1.0...U....Adobe Systems1.0...U....Cloud Technology1#0!..U....Adobe Intermediate CA 10-40...180820132000Z..250818132000Z0..1.0...U....US1.0...U....California1.0...U....San Jose1.0...U....Adobe Systems1.0...U....Cloud Technology1'0%..U....Adobe Content Certificate 10-60.."0...*.H.............0.........{r.'..sV....S....Y....v. .....Z...6.68..g.\2N..1.*%.`u.;..|.4K2..&%B..X..\i.......?v-X....XBl...>..-s....F.N..].....~....$S...Q.... .......>.}.par..PH..e.v8`..8........&%...t.j[.`..SD.#P..CO........4p..0.9tA..W...c.6..D.'..X-.e....<..xN..N.|.....{ .%....sx..y.RtG......:.e.*.....>.[.E.K....#..X.sXI.['..woc-...<5F.C........_o...P...+.dI..G'...)......q...8..#j...}..w.c.C...tc.Q......9E...j;o..9.td.^4.T&Anv.-I......1..K...iW6...#2.......CKI..Z.\.f.8s9.@3....9.....,U........=xX.L.Uz..W...... 0.0...U...........0...U.......0.0...*.H.................fl.n.....a..X...OS....:;..$...

                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4TJ1LROY\QTk4OEU0QjEyRkUyMjYwRTVBQjc3RERGOTFFRjg1OTQ[1].cer

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:Certificate, Version=3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1467
                                                                                                                                                                      Entropy (8bit):7.636065748895156
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:5zYZ/2uJZ/2W8wQ0EH8kc9q+BVTm5n3z3F33iylTfUGuchw67xE0/YSmIXO:xUOuXO33O9q0VTm5TF3RNUGZV7de
                                                                                                                                                                      MD5:A988E4B12FE2260E5AB77DDF91EF8594
                                                                                                                                                                      SHA1:D1DF7F06B769BCCB3F4479041EC1F06E9CD3CB1A
                                                                                                                                                                      SHA-256:9778308E700050061A698CE591C4FEC1245625D6E898EC66F851E1E340FE423D
                                                                                                                                                                      SHA-512:493F3DEA516B9D789F9839123FF5092DBB6DAD879276945EB5FCB8E58B4C2939B4E2302589F1A567F1B13615BCB34A60AA4D1C4D053D7D13A1B7FA6E14F18093
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:0...0..........v.R.0...*.H........0..1.0...U....US1.0...U....California1.0...U....San Jose1.0...U....Adobe Systems1.0...U....Cloud Technology1.0...U....Adobe Root CA 10-30 ..180817173758Z..20680804173758Z0..1.0...U....US1.0...U....California1.0...U....San Jose1.0...U....Adobe Systems1.0...U....Cloud Technology1#0!..U....Adobe Intermediate CA 10-30.."0...*.H.............0...........*..``'....T'Ag....a......F........Je....+.f..y"Q....Iq%..c..^..xq..M.je-......g.M.;f.8....+<I`.h....=..R...c. 0.L.!...q..mV...m.5..@S...s..2<...........6.s*.a...,.fN.R....f.......~6.;..@...i.......f..jB....i.y..].~.....%...:Q..A...........u~..,...6.s5X.V.........*|.. w..i`N.X.-....a...H;0..@..Fb:.c@\..gg.....z-N&.....E.{..pcM.&...Z@.."..T.)F4...o..IL.....d.`...A.....+`s.!./.........?..^m.,'...$-..NZ*.N....y...'..?.....Y./B.b..\.l......9lw.........R.1.7.....vd....@.9..t...),.......#0!0...U...........0...U.......0....0...*.H.............{....7.'b..r...O.9`.i........M.'..=}.g.

                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KA259YPD\QUIyRjhEOTg3ODcxNUJEOUQ2NDE2MkE3OTRDRTc5QzY[1].cer

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:Certificate, Version=3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1474
                                                                                                                                                                      Entropy (8bit):7.653251975365271
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:0AZ/2W89DKZ/2Sol0s+9FYLUd4xkSJyZDA4lbxGuEleNUkGbJQJf8e2+:0sO3VqOSK+kLUVlFGuEleCkGbJQJfN2+
                                                                                                                                                                      MD5:AB2F8D9878715BD9D64162A794CE79C6
                                                                                                                                                                      SHA1:F0BD97B4EC6CD8B71C35631738259CF9F2E54381
                                                                                                                                                                      SHA-256:ACA9BDE9CB24FABED3E39B23D22A72B9AF2F86795CFA81947E2A416BC71410C4
                                                                                                                                                                      SHA-512:0C615C1F80FA7E234FFECF6A86CC72B61B4AFB9E784466E82FB848D78B2F23667FA70BBBEAB42E6F2E76939FA29BA90EA6CE312DDFDF1A297E3BE200582B12A3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:0...0..........hQ*@0...*.H........0..1.0...U....US1.0...U....California1.0...U....San Jose1.0...U....Adobe Systems1.0...U....Cloud Technology1#0!..U....Adobe Intermediate CA 10-30...180820131842Z..250818131842Z0..1.0...U....US1.0...U....California1.0...U....San Jose1.0...U....Adobe Systems1.0...U....Cloud Technology1'0%..U....Adobe Content Certificate 10-50.."0...*.H.............0.........K8uU.T..u.$.BU...."mx.....a(......DN....3.EQ....%p...F,.....D..._...H.....M...oL...<..G..';.KTE...X......F*E....x......h.............PH..t4.Yw....Ci4...fCI.[....Q.;?..o.;.BC....M....*.K..11.1i.......".....~..=.M..'D.g9B.n.i..U..6..b..p#.z./.h.x.....w.K.,...tIq..r..Z.2..j.9.........{up..w...>3.....N.. .$....Q.g.A....p..P...X}Iq..z$....x.5.......:.$.c..Z..jKR."..l...Y.*....UG.6..@.,T.|)....`R..j9..B....+..$4..y..m]=.......feN.V......'.."...{.&.......a......y.....)bf@..@,..B{WQ.).......... 0.0...U...........0...U.......0.0...*.H...............J1...........M......^wPk}.~?.pv..k.

                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V4I0JG8P\QkYyOEUxMEVGQzE5NDNDM0NFNTJFQTkxQzc0NTczM0I[1].cer

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:Certificate, Version=3
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):1467
                                                                                                                                                                      Entropy (8bit):7.674010841233068
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:5mYZ/2uffZ/2W8N0jrxcONWfo9rQBE8VQldBrIKsh0UlToNMhcg/Woqr8YaPqN1O:4UOupO3WjrxPNMQrQBEOQXBcKsh0UQgZ
                                                                                                                                                                      MD5:BF28E10EFC1943C3CE52EA91C745733B
                                                                                                                                                                      SHA1:BF89E52F8D681360E6B84941BD2F9BC0093309F6
                                                                                                                                                                      SHA-256:293427B4B169E974082C9B8886E4FE9FCD1E98F62713BD054EA0E5BC86CABD38
                                                                                                                                                                      SHA-512:1E4A84FF3DEFB09933DAFBCB58BC1FC96A90803AE7F47F6293E11F50D8C2A7B2CC02E09FC0AF176F71477E99EC5CBA51BA64EC59E3DA9C5EE8C1545A29E60AA7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:0...0..........s-).0...*.H........0..1.0...U....US1.0...U....California1.0...U....San Jose1.0...U....Adobe Systems1.0...U....Cloud Technology1.0...U....Adobe Root CA 10-30 ..180817173759Z..20680804173759Z0..1.0...U....US1.0...U....California1.0...U....San Jose1.0...U....Adobe Systems1.0...U....Cloud Technology1#0!..U....Adobe Intermediate CA 10-40.."0...*.H.............0...........2.....b....."..O./"=..}m.?xv.;<x......y.p*.....0..ZFa.4.|."|...;*.E!>...'u....s.1..Q..b.gQP...|.(..l..m....-o...P}|..n...]..".K4k.Q.N...3.E..eg.D+.*....vo...zIF.G.......)l#..S.....].m.[....Z..X..I..,..a..x..LH...Vcw...L.E.M.^+...!..d".....!..WQ+T..kM.......j ....J>&....S....3.;=e...`.h.&................Xhd......H...Xr5......C..X.}J.a.9a.3.3.;...m..DB...ZJ....cS+=.r......iR..8.-s............)...Sa....2.c..G.F..4.#..@.8..{.v..~...Z......s.NMA.~.,..c..2....{.N...A.C.Mai..0q...\........>.......#0!0...U...........0...U.......0....0...*.H.............'/.._x.c.X;._Lo...U..K@i...9....;.-.K.o=.z(

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\MSI57a0.LOG

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):246
                                                                                                                                                                      Entropy (8bit):3.493870954423123
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8cZadNmCH:Qw946cPbiOxDlbYnuRKHO
                                                                                                                                                                      MD5:5309A89A7EEB075C0962979CFE1BF098
                                                                                                                                                                      SHA1:0142FB230646A03D3132512B77BCD2A95830CE46
                                                                                                                                                                      SHA-256:CF1C2DA2F04358158D316906F68297AD8A9ACF6469A5E285AA38D8C19CEE5B28
                                                                                                                                                                      SHA-512:3328D1A00CB3F61294B3642C72207DE8FE6855B5471FD6599DE591186964A2D5ED5BC19DBC83464FB5DF53B0D6BAD1EF5878ADACE8A1167500429CD0DF6B5A6B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.1.2./.2.0.2.4. . .1.0.:.1.4.:.2.3. .=.=.=.....

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91argpkm_bl0li6_68o.tmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):657813
                                                                                                                                                                      Entropy (8bit):4.332811394794712
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:b3JaOcgnatw6MNgwArrXG0w3/nfbaO+SChteBmewFgl:bJaOcgLgB7G0wPfbaO+Sktvl4
                                                                                                                                                                      MD5:4DDABB1A58E27EC24D29A1AE0900A7A1
                                                                                                                                                                      SHA1:1BF27AD5EF9B2D2CD571FEA221072B0CE6056E06
                                                                                                                                                                      SHA-256:287BFD6505AF496EAED3D84F2B869793862167368DDACD8BF44E65835F80CD1F
                                                                                                                                                                      SHA-512:0BD84D8ACAC4763FCCF2D9E52239A58CBAD1E6BF0E9B94E58BCE2ED468E6A28371BFBF6F568E229C44BCC7D1458FB8261BEC2E71AC4646E0037A97EE4F10A3F8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R 7 0 R 8 0 R 9 0 R 10 0 R 11 0 R 12 0 R 13 0 R 14 0 R 15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R 22 0 R 23 0 R 24 0 R 25 0 R 26 0 R 27 0 R 28 0 R 29 0 R 30 0 R 31 0 R 32 0 R 33 0 R 34 0 R 35 0 R 36 0 R 37 0 R 38 0 R 39 0 R 40 0 R 41 0 R 42 0 R 43 0 R 44 0 R 45 0 R 46 0 R 47 0 R 48 0 R 49 0 R 50 0 R 51 0 R 52 0 R 53 0 R 54 0 R 55 0 R 56 0 R 57 0 R 58 0 R 59 0 R 60 0 R 61 0 R 62 0 R 63 0 R 64 0 R 65 0 R 66 0 R 67 0 R 68 0 R 69 0 R 70 0 R 71 0 R 72 0 R 73 0 R 74 0 R 75 0 R 76 0 R 77 0 R 78 0 R 79 0 R 80 0 R 81 0 R 82 0 R 83 0 R 84 0 R 85 0 R 86 0 R 87 0 R 88 0 R 89 0 R 90 0 R 91 0 R 92 0 R 93 0 R 94 0 R 95 0 R 96 0 R 97 0 R 98 0 R 99 0 R 100 0 R 101 0 R 102 0 R 103 0 R 104 0 R 105 0 R 106 0 R 107 0 R 108 0 R 109 0 R 110 0 R 111 0 R 112 0 R 113 0 R 114 0 R 115 0 R 116 0 R 117 0 R 118 0 R 119 0 R 120 0 R 121 0 R 122 0 R 123 0 R 124 0 R 125 0 R 126 0 R 127 0 R 128 0 R 129 0 R 130 0 R 131 0 R 132 0 R

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91ikwsx8_bl0lih_68o.tmp\SecuritySettings.xml

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (3366), with CRLF, LF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8743753
                                                                                                                                                                      Entropy (8bit):5.973915636553778
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:slorNoXcr0uybb2Bv1gKio1lNffltkBh8qE5o/njJnkFqJyhAxtZraV/NhECIsfv:d
                                                                                                                                                                      MD5:AC58CE659273CB30ED166E6A25294CC8
                                                                                                                                                                      SHA1:38B74B8278D47DB2316D69DB6A2C62B49973DBA0
                                                                                                                                                                      SHA-256:84FC1D16E7D5226D07A5C6B9007C13F5F0DF5BFD8A971C61B39BBC247D015B8A
                                                                                                                                                                      SHA-512:A378829749C0CE0D704F9791F5AA9133741E717BF85739F756C9023D4542C9A9A059F2589BA16F53819666E2B8822143FB9D3B446A286285EC54C97647386FED
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8"?>..<SecuritySettings>..<TrustedIdentities>...<Identity>....<ImportAction>1</ImportAction>....<Certificate>MIIJwjCCBXagAwIBAgIQDkgKZrU363wocTmbFYJ6czBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwgYQxGzAZBgNVBAMMElN3aXNzY29tIFJvb3QgQ0EgNDElMCMGA1UECwwcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEeMBwGA1UEYQwVVkFUQ0gtQ0hFLTEwMS42NTQuNDIzMREwDwYDVQQKDAhTd2lzc2NvbTELMAkGA1UEBhMCQ0gwHhcNMjAwNTI3MDgzNjM2WhcNMzAwNTI1MDgzNjM2WjCBmDEcMBoGA1UEAwwTU3dpc3Njb20gVFNTIENBIDQuMTElMCMGA1UECwwcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEYMBYGA1UEYQwPVkFUQVQtVTY0NzQxMjQ4MSowKAYDVQQKDCFTd2lzc2NvbSBJVCBTZXJ2aWNlcyBGaW5hbmNlIFMuRS4xCzAJBgNVBAYTAkFUMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2AqQcfK0ZWKll0Rj9P/HQ4MkdX5bvg6bau/Cm8Dn8pkH5Qay3Aw0B77lCAjpyoomQuBeBlGs5b+xO1XjFReFvOdixey6TD4xlE4n7Q+Kp8viTG+IvfoqVW4UuJL1rLBb3Oi0RHGv834e8lJkDxGLIs0iFH4tgn9bit0Jz+xmCVOzW5M9gFEh3dEIgMAG6nxvnT8eY71gyjj6hVCXYqooiDN1TBXm4hFVdjUb/yXy9nAAiPlQ4mCWyWeEWI2Eq

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91l1zfqa_bl0lii_68o.tmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3575937
                                                                                                                                                                      Entropy (8bit):7.375733664554852
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:4ZgmsAPKCJ3+o0jXVUBe7sWDTPSUs7CPYibbW8uXcUHwhTns4Dg/mnDezHfnIi+q:gNsAPKmojeBMTPBol/EDezvaI
                                                                                                                                                                      MD5:F4FAC4E91AD208EBABE00C711E19FCCC
                                                                                                                                                                      SHA1:80C57FB14C93231AB823166950E89062E158A6CF
                                                                                                                                                                      SHA-256:D07277348D1E207E3B48CAE9C2EC1A41080836D5DB8142F2F29D0836A0E916B2
                                                                                                                                                                      SHA-512:1271ACD6A0ADC1FA4DD4C03E1443C252278E401A588553FFC4ADE4AD49FA561F68DCF9D60F20B5D224BD7B1A51D50D84DC802E16AFF5958B437E993D81441734
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R 7 0 R 8 0 R 9 0 R 10 0 R 11 0 R 12 0 R 13 0 R 14 0 R 15 0 R 16 0 R 18 0 R 19 0 R 20 0 R 22 0 R 23 0 R 24 0 R 27 0 R 28 0 R 29 0 R 30 0 R 31 0 R 32 0 R 34 0 R 36 0 R 37 0 R 38 0 R 39 0 R 40 0 R 41 0 R 42 0 R 43 0 R 44 0 R 45 0 R 46 0 R 47 0 R 50 0 R 51 0 R 52 0 R 53 0 R 54 0 R 55 0 R 56 0 R 57 0 R 58 0 R 59 0 R 60 0 R 61 0 R 62 0 R 63 0 R 64 0 R 65 0 R 66 0 R 67 0 R 68 0 R 69 0 R 70 0 R 71 0 R 72 0 R 73 0 R 74 0 R 75 0 R 76 0 R 77 0 R 78 0 R 79 0 R 80 0 R 81 0 R 82 0 R 85 0 R 87 0 R 88 0 R 89 0 R 90 0 R 91 0 R 92 0 R 93 0 R 96 0 R 97 0 R 98 0 R 99 0 R 100 0 R 101 0 R 102 0 R 103 0 R 104 0 R 105 0 R 106 0 R 107 0 R 108 0 R 109 0 R 110 0 R 111 0 R 112 0 R 113 0 R 114 0 R 115 0 R 117 0 R 118 0 R 121 0 R 122 0 R 123 0 R 124 0 R 125 0 R 126 0 R 127 0 R 128 0 R 129 0 R 130 0 R 131 0 R 132 0 R 133 0 R 134 0 R 135 0 R 137 0 R 138 0 R 139 0 R 140 0 R 141 0 R 142 0 R 144 0 R 145 0 R 146 0 R 147 0 R 148 0 R 14

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91o48fys_bl0lif_68o.tmp\SecuritySettings.xml

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (2842)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):781334
                                                                                                                                                                      Entropy (8bit):6.004424146537179
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:BzOu+eFnfp7MyDw8tWM4Hj5GpWXAaSfwxnrp:McnWwYHEiABc
                                                                                                                                                                      MD5:59C5AECCBFB14250DBADC84FCA38336C
                                                                                                                                                                      SHA1:D3757025499A91DC5B295E98B21D4DCD9C21FE8F
                                                                                                                                                                      SHA-256:83A09CBD4DEBEDFFF009E5F3156775B122ECF55D8E54EEDEC0B86818A9A49E48
                                                                                                                                                                      SHA-512:B751FEE1331E5BB469EC479DF810DC51ED2B9BC1D7B25F2073D8048F854E0E8DE91044DC01FAC74920DF2A094A7684ADD87383A45657648D646BFDE68DDB5575
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0"?>.<SecuritySettings>..<TrustedIdentities>...<Identity>....<ImportAction>1</ImportAction>....<Certificate>MIIFpDCCA4ygAwIBAgIQXfEvX1enw+GwAtiTJwzd4TANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHTAbBgNVBAsTFEFkb2JlIFRydXN0IFNlcnZpY2VzMRkwFwYDVQQDExBBZG9iZSBSb290IENBIEcyMB4XDTE2MTEyOTAwMDAwMFoXDTQ2MTEyODIzNTk1OVowbDELMAkGA1UEBhMCVVMxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMR0wGwYDVQQLExRBZG9iZSBUcnVzdCBTZXJ2aWNlczEZMBcGA1UEAxMQQWRvYmUgUm9vdCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALbacmKb7oN7MqJG44ojMpdXrC1zdFHLBv97MuaXDKzI59kgZ0hK900lgU8iXW9p2iwYQs/FbJ0+cTRxUlKhthpbnRTNu42R5LGI+XAPbQznxqfr82ScT11BwF/mF4hATOsDy5XvsqXmjji9HCN5V8MicQTJcQ6zK9W9U52m7lLt3vK1T/eQKFL9UBd+JN032AoSGxOLoxQ55qlJp8bVTBbBX220ZwrnGpl2Q59F7Mwc9KQSUG/6kJ/maqi7l5E//eUgj+CP+WO82cW5XQmMp5aSZ6hg1dW2dBLDddEZe7/zl43eWp+S8DRByzQofDt+yAKkp7MJK5Vdhh4RnMGdAkkg1s7e2osxG090hIfqwV4pE5m7QT4ikNJmxxorvZNETfO+FxCJo72i7yMymZWHmKXObvluPvByzqVpuFPldywKvZgHIte

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91szjl1b_bl0lid_68o.tmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6253231
                                                                                                                                                                      Entropy (8bit):4.586233618452247
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:fEZZiYmsCIa//68Ywp2PLxbFOkQ7rZ3YjesKbeLqVeAaqhdEnB0w5a+FmQ2x/uV9:iZPmsxotU
                                                                                                                                                                      MD5:097ADAAE8EEC93F8C64C116294733D88
                                                                                                                                                                      SHA1:EEDCC17EABE4A3BBD0EC47EB8D523A3C1EE940AC
                                                                                                                                                                      SHA-256:34DD3601B334C7CC1F7CE6A3190DECDD1F6E3B72B74FAE8C26756DB68D28F1F2
                                                                                                                                                                      SHA-512:E3958DF36313840FA4F72CDA549323DAEC1E569E1D71763E3D36B7D361A8724D33D3D0D06060297CE8E7F37558973C1B4621C52BF6F2BA534C660FDD101D5F5B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R 7 0 R 8 0 R 9 0 R 10 0 R 11 0 R 12 0 R 13 0 R 14 0 R 15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R 22 0 R 23 0 R 24 0 R 25 0 R 26 0 R 27 0 R 28 0 R 29 0 R 30 0 R 31 0 R 32 0 R 34 0 R 35 0 R 36 0 R 37 0 R 38 0 R 39 0 R 40 0 R 41 0 R 42 0 R 43 0 R 44 0 R 45 0 R 46 0 R 47 0 R 48 0 R 49 0 R 50 0 R 51 0 R 52 0 R 53 0 R 54 0 R 55 0 R 56 0 R 57 0 R 58 0 R 59 0 R 60 0 R 61 0 R 62 0 R 63 0 R 64 0 R 65 0 R 66 0 R 67 0 R 68 0 R 69 0 R 70 0 R 71 0 R 72 0 R 73 0 R 74 0 R 75 0 R 76 0 R 77 0 R 78 0 R 79 0 R 80 0 R 81 0 R 82 0 R 83 0 R 84 0 R 85 0 R 86 0 R 87 0 R 88 0 R 89 0 R 90 0 R 91 0 R 92 0 R 93 0 R 94 0 R 95 0 R 96 0 R 97 0 R 98 0 R 99 0 R 100 0 R 101 0 R 102 0 R 103 0 R 104 0 R 105 0 R 106 0 R 107 0 R 108 0 R 109 0 R 110 0 R 111 0 R 112 0 R 113 0 R 114 0 R 115 0 R 116 0 R 117 0 R 118 0 R 119 0 R 120 0 R 121 0 R 122 0 R 123 0 R 124 0 R 125 0 R 126 0 R 127 0 R 128 0 R 129 0 R 130 0 R 131 0 R 132 0 R 133 0

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91tkm399_bl0li5_68o.tmp\SecuritySettings.xml

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (2842)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):781334
                                                                                                                                                                      Entropy (8bit):6.004424146537179
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:BzOu+eFnfp7MyDw8tWM4Hj5GpWXAaSfwxnrp:McnWwYHEiABc
                                                                                                                                                                      MD5:59C5AECCBFB14250DBADC84FCA38336C
                                                                                                                                                                      SHA1:D3757025499A91DC5B295E98B21D4DCD9C21FE8F
                                                                                                                                                                      SHA-256:83A09CBD4DEBEDFFF009E5F3156775B122ECF55D8E54EEDEC0B86818A9A49E48
                                                                                                                                                                      SHA-512:B751FEE1331E5BB469EC479DF810DC51ED2B9BC1D7B25F2073D8048F854E0E8DE91044DC01FAC74920DF2A094A7684ADD87383A45657648D646BFDE68DDB5575
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0"?>.<SecuritySettings>..<TrustedIdentities>...<Identity>....<ImportAction>1</ImportAction>....<Certificate>MIIFpDCCA4ygAwIBAgIQXfEvX1enw+GwAtiTJwzd4TANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHTAbBgNVBAsTFEFkb2JlIFRydXN0IFNlcnZpY2VzMRkwFwYDVQQDExBBZG9iZSBSb290IENBIEcyMB4XDTE2MTEyOTAwMDAwMFoXDTQ2MTEyODIzNTk1OVowbDELMAkGA1UEBhMCVVMxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMR0wGwYDVQQLExRBZG9iZSBUcnVzdCBTZXJ2aWNlczEZMBcGA1UEAxMQQWRvYmUgUm9vdCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALbacmKb7oN7MqJG44ojMpdXrC1zdFHLBv97MuaXDKzI59kgZ0hK900lgU8iXW9p2iwYQs/FbJ0+cTRxUlKhthpbnRTNu42R5LGI+XAPbQznxqfr82ScT11BwF/mF4hATOsDy5XvsqXmjji9HCN5V8MicQTJcQ6zK9W9U52m7lLt3vK1T/eQKFL9UBd+JN032AoSGxOLoxQ55qlJp8bVTBbBX220ZwrnGpl2Q59F7Mwc9KQSUG/6kJ/maqi7l5E//eUgj+CP+WO82cW5XQmMp5aSZ6hg1dW2dBLDddEZe7/zl43eWp+S8DRByzQofDt+yAKkp7MJK5Vdhh4RnMGdAkkg1s7e2osxG090hIfqwV4pE5m7QT4ikNJmxxorvZNETfO+FxCJo72i7yMymZWHmKXObvluPvByzqVpuFPldywKvZgHIte

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A95dc837_bl0lic_68o.tmp\SecuritySettings.xml

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (3366), with CRLF, LF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8743753
                                                                                                                                                                      Entropy (8bit):5.973915636553778
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:slorNoXcr0uybb2Bv1gKio1lNffltkBh8qE5o/njJnkFqJyhAxtZraV/NhECIsfv:d
                                                                                                                                                                      MD5:AC58CE659273CB30ED166E6A25294CC8
                                                                                                                                                                      SHA1:38B74B8278D47DB2316D69DB6A2C62B49973DBA0
                                                                                                                                                                      SHA-256:84FC1D16E7D5226D07A5C6B9007C13F5F0DF5BFD8A971C61B39BBC247D015B8A
                                                                                                                                                                      SHA-512:A378829749C0CE0D704F9791F5AA9133741E717BF85739F756C9023D4542C9A9A059F2589BA16F53819666E2B8822143FB9D3B446A286285EC54C97647386FED
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8"?>..<SecuritySettings>..<TrustedIdentities>...<Identity>....<ImportAction>1</ImportAction>....<Certificate>MIIJwjCCBXagAwIBAgIQDkgKZrU363wocTmbFYJ6czBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwgYQxGzAZBgNVBAMMElN3aXNzY29tIFJvb3QgQ0EgNDElMCMGA1UECwwcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEeMBwGA1UEYQwVVkFUQ0gtQ0hFLTEwMS42NTQuNDIzMREwDwYDVQQKDAhTd2lzc2NvbTELMAkGA1UEBhMCQ0gwHhcNMjAwNTI3MDgzNjM2WhcNMzAwNTI1MDgzNjM2WjCBmDEcMBoGA1UEAwwTU3dpc3Njb20gVFNTIENBIDQuMTElMCMGA1UECwwcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEYMBYGA1UEYQwPVkFUQVQtVTY0NzQxMjQ4MSowKAYDVQQKDCFTd2lzc2NvbSBJVCBTZXJ2aWNlcyBGaW5hbmNlIFMuRS4xCzAJBgNVBAYTAkFUMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2AqQcfK0ZWKll0Rj9P/HQ4MkdX5bvg6bau/Cm8Dn8pkH5Qay3Aw0B77lCAjpyoomQuBeBlGs5b+xO1XjFReFvOdixey6TD4xlE4n7Q+Kp8viTG+IvfoqVW4UuJL1rLBb3Oi0RHGv834e8lJkDxGLIs0iFH4tgn9bit0Jz+xmCVOzW5M9gFEh3dEIgMAG6nxvnT8eY71gyjj6hVCXYqooiDN1TBXm4hFVdjUb/yXy9nAAiPlQ4mCWyWeEWI2Eq

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9gz7j70_bl0lig_68o.tmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3609476
                                                                                                                                                                      Entropy (8bit):7.363789671320058
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:zZgmsAPKCJ3+o0jXVUBe7sWDTPSUs7CPYibbW8uXcUHwhTns4Dg/mnDezHfnIi+G:dNsAPKmojeBMTPBol/EDezvao
                                                                                                                                                                      MD5:71A1E6FBA9D8F62E9C14FA98851EF34C
                                                                                                                                                                      SHA1:266CD4612FA192D0F31C3EF62A601E9BDB18EC03
                                                                                                                                                                      SHA-256:71E617B3382090C484F5B158D0D472710487C4C5F9FA632645541CFD05720E19
                                                                                                                                                                      SHA-512:1C6AC66F9970E30B8C050E1AC58EBCA621E9941F28F85F5456647F4C692CBAE621AC9382CB8A068710742C4B6840ADCAD9F501D431EABB34F01C6E2E7C9FBB51
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R 7 0 R 8 0 R 9 0 R 10 0 R 11 0 R 12 0 R 13 0 R 14 0 R 15 0 R 16 0 R 18 0 R 19 0 R 20 0 R 22 0 R 23 0 R 24 0 R 27 0 R 28 0 R 29 0 R 30 0 R 31 0 R 32 0 R 34 0 R 36 0 R 37 0 R 38 0 R 39 0 R 40 0 R 41 0 R 42 0 R 43 0 R 44 0 R 45 0 R 46 0 R 47 0 R 50 0 R 51 0 R 52 0 R 53 0 R 54 0 R 55 0 R 56 0 R 57 0 R 58 0 R 59 0 R 60 0 R 61 0 R 62 0 R 63 0 R 64 0 R 65 0 R 66 0 R 67 0 R 68 0 R 69 0 R 70 0 R 71 0 R 72 0 R 73 0 R 74 0 R 75 0 R 76 0 R 77 0 R 78 0 R 79 0 R 80 0 R 81 0 R 82 0 R 85 0 R 87 0 R 88 0 R 89 0 R 90 0 R 91 0 R 92 0 R 93 0 R 96 0 R 97 0 R 98 0 R 99 0 R 100 0 R 101 0 R 102 0 R 103 0 R 104 0 R 105 0 R 106 0 R 107 0 R 108 0 R 109 0 R 110 0 R 111 0 R 112 0 R 113 0 R 114 0 R 115 0 R 117 0 R 118 0 R 121 0 R 122 0 R 123 0 R 124 0 R 125 0 R 126 0 R 127 0 R 128 0 R 129 0 R 130 0 R 131 0 R 132 0 R 133 0 R 134 0 R 135 0 R 137 0 R 138 0 R 139 0 R 140 0 R 141 0 R 142 0 R 144 0 R 145 0 R 146 0 R 147 0 R 148 0 R 14

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9ilqxat_bl0li2_68o.tmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2362112
                                                                                                                                                                      Entropy (8bit):2.231975361852615
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:xBC7xRSnsIL5Zlf24PSII97l8M2xkcEYFmTl9S:ERSnF31PSR97ZRcE
                                                                                                                                                                      MD5:AEEDA09EAF55CEAE65CA7DD6C921E16C
                                                                                                                                                                      SHA1:4FBF0299AF5A0B5E600D6F6A021CD34E8B391E57
                                                                                                                                                                      SHA-256:F02E93E4F85BC64234312F5708DEE3884A7FAE9D78B856436D02A014F2DCD8B3
                                                                                                                                                                      SHA-512:05CE0810694A3078F77E6DF8308C0873193ECC178979470443860207FD53B1DA1AF1325DB9DDF14BD4D75C38F45625949EA265385871799D1ECC252F18F4AC26
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:............................................................................................................................................................................................................................................................................................................t...........................................................................................^......._.......c.......d...........................................................................................................................................-...)...A12_acrobat_multiFile_generic_dark_32.pdf...................................................................................................8...........................................................................................................%...!...A12_acrobat_parcel_generic_64.pdf...........................................................................................................9.......................................

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader1.ngllogcontrolconfig

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):176
                                                                                                                                                                      Entropy (8bit):4.866329860762867
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:GnJl1lysHFgtAeoaVjo+cAeoujPBDJlf2mLlxIPNrRlCkY:G3/uth6tjXleMl61rWkY
                                                                                                                                                                      MD5:89C34C89C9A7B412D588F23D9FDFBAE0
                                                                                                                                                                      SHA1:9165DF91E2EF643DB2BE37E607BCF5595845FB53
                                                                                                                                                                      SHA-256:AA44298C1F5960141C91A3189008FBB20237B936E19E4DDB766ED1F8FC3E93CE
                                                                                                                                                                      SHA-512:0E4655E70F8086128F1F7BE1CFCF3ADA2BC2A1DE9E7272C15EC56C866261DFE4F7C55B8A6F3DBE84AAB79034A6B5E0E7FFDB48913E0FE090E97EC5F83B5880BC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{..."level" : "ERROR",..."maxFileUploadSize" : 1000,..."minFileUploadSize" : 500,..."uploadInterval" : 604800000,..."uploadOnError" : false,..."uploadOnSessionStart" : false..}

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader124.4.20272.6.log

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):72363
                                                                                                                                                                      Entropy (8bit):5.342350684340892
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Y20ggg3BdioiGDIDGNTNvPkr1q6q6EAe1etpej2jRCMC2UdUrFfFc6x6+727Z4sC:mP5RmCt0eHmZUd
                                                                                                                                                                      MD5:DB6159B73FD848CE3187CE352D90D6A6
                                                                                                                                                                      SHA1:27CC6230BC7FE81E7F489153A60B90A75B350E11
                                                                                                                                                                      SHA-256:277C671E52D1AAFACCF81135A94BF58159C38C90F5A4B6CA52A9E2E3256AE60A
                                                                                                                                                                      SHA-512:0F172944BD2FC064CCB970F5CDD9C307C8E1497FCAABEFA55D7A279D82763496F5282A57780FCBDC91727FBC377AAC0B82D32FA87410E9863B0948AB0F6A8F7D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:SessionID=00eb6d61-224b-4dd8-a858-8bedb506d99f.1735053251210 Timestamp=2024-12-24T10:14:11:210-0500 ThreadID=8636 Component=ngl-lib_NglAppLib Description="InitializeLogger: -------- Initializing session logs --------"..SessionID=00eb6d61-224b-4dd8-a858-8bedb506d99f.1735053251210 Timestamp=2024-12-24T10:14:11:212-0500 ThreadID=8636 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=00eb6d61-224b-4dd8-a858-8bedb506d99f.1735053251210 Timestamp=2024-12-24T10:14:11:212-0500 ThreadID=8636 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=00eb6d61-224b-4dd8-a858-8bedb506d99f.1735053251210 Timestamp=2024-12-24T10:14:11:213-0500 ThreadID=8636 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.22631.1"..SessionID=00eb6d61-224b-4dd8-a858-8bedb506d99f.1735053251210 Timestamp=2024-12-24T10:14:11:214-0500 ThreadID=8636 Component=ngl-lib_NglAppLib De

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16895
                                                                                                                                                                      Entropy (8bit):5.397580750910751
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:5JocbUIciJHcbPtvJYcb4IPVtBJCcbKgEI1HJExb6I:DcPtdPVtB1dI
                                                                                                                                                                      MD5:6C223448B4AC59E86A12EB1DF0A10034
                                                                                                                                                                      SHA1:EC16C0264C95BEF9ED61751AC698CBA157C8D39C
                                                                                                                                                                      SHA-256:42C2993D7E5D13B1ED62A59791CF06BB7DBCCABCE3840924FB38AB672503A09C
                                                                                                                                                                      SHA-512:1E67CD7CBB209E8FC3C81DF794841F7558D6644051DC27F9BFF8744D8B6EEDDA2CC44697E4C37F2703D21B8D9FF9D5A7ED4C8372A93838EA011CA31895348D94
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:09-12-2024 07:34:53:.---2---..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : ***************************************..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : ***************************************..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : Starting NGL..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : NGLAppVersion 24.4.20220.6..09-12-2024 07:34:53:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..09-12-2024 07:34:54:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..09-12-2024 07:34:54:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..09-12-2024 07:34:54:.Closing File..09-12-

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrocef_low\29a50cdc-1e37-4e59-ace6-e9fb1487aae8.tmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41808
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1447012
                                                                                                                                                                      Entropy (8bit):7.976416178300351
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:/lacAihegbav19kg5W6+K7OItMUaGuId3huN/1IbPM+B36H+T+B/phv:Ic7hegbQ19kg5W6TSzwub6bUIE+Ozv
                                                                                                                                                                      MD5:85B9E735F7B3B9A4AA27FA608550C282
                                                                                                                                                                      SHA1:946521EC4238376D4032ED5945F73E04406AD9D0
                                                                                                                                                                      SHA-256:51C6BB1C85F6F87A06EC81AD3EE7DF998F8B1F878855AA90BA4A439071E11EB6
                                                                                                                                                                      SHA-512:CFEB69AFA90F9F5CB53301D6FFD6197C86CF75345F4812EBB72B98897E1E123069297425F7A28AE55530DA2B27238573E3F12D77E79F2077F35B18DB0AB04ABD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrocef_low\5d13c005-7fcd-4f0d-aa57-9a80191311ad.tmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):349066
                                                                                                                                                                      Entropy (8bit):7.974867674341838
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:363nxPvUMrMkBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOFjNOX1L5:qnx0Mz+Tegs661ybxrr/IxkB1mabFhOD
                                                                                                                                                                      MD5:C9A0D7F389FA4D046AE4EDC33E8781DB
                                                                                                                                                                      SHA1:7F050C2FD8BE4C671160994972D27181B03D048A
                                                                                                                                                                      SHA-256:AD732111E59FD39FC2321F88A43B90D10F6CEED5649FDE877A6B5C01986972C4
                                                                                                                                                                      SHA-512:D036654F71583182CA007396A5F2D9DE43EE237CE4A38D149BBB3276AE77672C2C72D57198386A311DB42D215F8E69D1B7C5814D9C90F8275D1E6E8D1873A664
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:............r.I..Z..K.w.p..4A..?..Z-..5..mI.Mqi..I.$.&@R.H.........G.........O........{fB.M...........!.............o...y.E4.w#......8..B..x$ND[...W....gW.../...lq ?.O...X..C.I.?9...d....v.O...|.S..%?.W0.+.m.)|6.O..#..0...'....<4W..6b0W./.~.......@..l....$>c...~-......u...l3......q.O$L..l.!.q.G.;..X....0.~.K^..O.X...){..4.J(.....X.7..c...,b.X.O.l9...-......l..j./....|..A..8~.\.Wq|..PR.-G.qo....$<.......){/........-.aU..&a. ....e.1'.-....I..*...I..........w...K..;|.kvC.|......v]...O........#.....}..N..]......8...'.e.`.m..-.z...v.........&...s.X.9....O[..G.;..?...Z7..5..]...u..@.5........m \.~Q..#.#..%..<.J...*8..x..i|xM.6..X~......f'.G......T_..Gl....J).w".y..y;1f..]|.....f.G..V%....'..@.%J..g.......pR.e......x...(]B=.;>...}<........gMa.*.ZsVv i.:.i.>.I .........K.L.iJ.Z..e.&J.W.lw[~.$.5..|....Ot+.y.h../....+E..7...rE......,.`.?!g...a.+`.w>%8..O.....m.f.i.n}s...Z....3..X..R...>G.nI*.9>..`.....|N....#....7...\....l.A.. ..

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrocef_low\bea8842e-d60e-4ca8-a053-da528ce9f126.tmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15506
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):750018
                                                                                                                                                                      Entropy (8bit):7.980449716544286
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:ZFGnx0MR1ybxrr/IxkB1mabFhOXZ/fEa+9Nh3PaY8xE+Tegs6ajnt56QPIm/E9ul:ZFGiMMNB1Dofjc3P78x5egfatfW9i
                                                                                                                                                                      MD5:DD1AC9A866C982BEDECF34F23C0CC60C
                                                                                                                                                                      SHA1:A4DF741609434B1C3368C83854E10C49D3103791
                                                                                                                                                                      SHA-256:5F5D5841FA80E4BEB02E8DEA439C43135E8CEF7965F036F698A70C85268A94FE
                                                                                                                                                                      SHA-512:9D5B3D01E16DB6430F24CE6540FE4CACC103710F93D5C5EA065D44451AC68E973ACF13C9A54A4DCB383A68C5386A6AC094E06E792C21A56382E02736CC6BB628
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...........[ldYr vZ..T.,...I.....a6.I...,Nu.^...f..t..D.3If....L..UY....|..1............[..c.....c.^}x.C.OC.C...@...OD.8.s..d.....y.=.8q^q"..3'..g..):.+...%6ES.EO.N....=Q.}..!Sb_.l..J...(........Pv.L.TT....*.;.!.U.[....S..9.b......DI........T./..}..!cz2./C....e.u.xl....&.e...'.0-C.....x!S_..$.U.V.i.2./..2..).t..e.A..e....*q.../...rm.G.m....5.V...e.}S~},....!~(c..kC..y..g.*._[.Kx%...G.,......vNB....H....+......Q.Z.5.v0.^`.wd..8....x&SveO.x....|...Wp..q...Q:........!.....iL3-C.NU.e.UG.&GY.........2....1....=..}..0z[8.+....nb.Vq..d....u|)S4e.PF..8.O.3}.i..K....c...)....U.....L9..-!&.."..{-.\..)..>.Z...2.......|.&...F~+.....j.c...3...r.S8.....ul.&..B...[....Q.x..._.8v...sQ.lh.=....vZ...{.....0.hS.[......FG..C..U/.._`.P./%4.M.IM.9.A..%B.x...p....(.@..M....eI.Nc.....ij.(u.......K=..m\.:...\.YA}8..$.O}..\..m...J...W.Z...6.Fj.F...c.H.?.....[.\...6~.ea..j{]R.{..\_...d.|.T./.......8;.8;V..s.V...x.._(..u.(..Q.)\.o.U.FM.a.S

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrocef_low\e663257c-00af-4537-86f8-070b11d53e34.tmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):349066
                                                                                                                                                                      Entropy (8bit):7.974867674341838
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:363nxPvUMrMkBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOFjNOX1L5:qnx0Mz+Tegs661ybxrr/IxkB1mabFhOD
                                                                                                                                                                      MD5:C9A0D7F389FA4D046AE4EDC33E8781DB
                                                                                                                                                                      SHA1:7F050C2FD8BE4C671160994972D27181B03D048A
                                                                                                                                                                      SHA-256:AD732111E59FD39FC2321F88A43B90D10F6CEED5649FDE877A6B5C01986972C4
                                                                                                                                                                      SHA-512:D036654F71583182CA007396A5F2D9DE43EE237CE4A38D149BBB3276AE77672C2C72D57198386A311DB42D215F8E69D1B7C5814D9C90F8275D1E6E8D1873A664
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:............r.I..Z..K.w.p..4A..?..Z-..5..mI.Mqi..I.$.&@R.H.........G.........O........{fB.M...........!.............o...y.E4.w#......8..B..x$ND[...W....gW.../...lq ?.O...X..C.I.?9...d....v.O...|.S..%?.W0.+.m.)|6.O..#..0...'....<4W..6b0W./.~.......@..l....$>c...~-......u...l3......q.O$L..l.!.q.G.;..X....0.~.K^..O.X...){..4.J(.....X.7..c...,b.X.O.l9...-......l..j./....|..A..8~.\.Wq|..PR.-G.qo....$<.......){/........-.aU..&a. ....e.1'.-....I..*...I..........w...K..;|.kvC.|......v]...O........#.....}..N..]......8...'.e.`.m..-.z...v.........&...s.X.9....O[..G.;..?...Z7..5..]...u..@.5........m \.~Q..#.#..%..<.J...*8..x..i|xM.6..X~......f'.G......T_..Gl....J).w".y..y;1f..]|.....f.G..V%....'..@.%J..g.......pR.e......x...(]B=.;>...}<........gMa.*.ZsVv i.:.i.>.I .........K.L.iJ.Z..e.&J.W.lw[~.$.5..|....Ot+.y.h../....+E..7...rE......,.`.?!g...a.+`.w>%8..O.....m.f.i.n}s...Z....3..X..R...>G.nI*.9>..`.....|N....#....7...\....l.A.. ..

                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrocef_low\f2e3fbc2-a387-4578-9a5e-1d4a1e9db953.tmp

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41808
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1434443
                                                                                                                                                                      Entropy (8bit):7.975962985186076
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:RlacAihegb8WOG+T+B/phev19kgiK7OItMUaGuId3huN/1IbPM+B36p:yc7hegb8WOG+OzU19kgHSzwub6bUIA
                                                                                                                                                                      MD5:D9D120AE58F8276EF0E25801824CA43A
                                                                                                                                                                      SHA1:9F7FB27A0B2A9867CF6374F83802AF47EEE96249
                                                                                                                                                                      SHA-256:91AA6D74AD6DBC6F813848586A035B195117EF0681E2A2ED2ED94D3D69AD2941
                                                                                                                                                                      SHA-512:CB75F8BE34961ED07BD1755DC376618B8267CBED8697A0F07C4F983A0C8E99F110BC36EF3C7DC7CBABE3A6E7197D4589BBE0DB781B49912B1CB2D124351F1095
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3575937
                                                                                                                                                                      Entropy (8bit):7.375733664554852
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:4ZgmsAPKCJ3+o0jXVUBe7sWDTPSUs7CPYibbW8uXcUHwhTns4Dg/mnDezHfnIi+q:gNsAPKmojeBMTPBol/EDezvaI
                                                                                                                                                                      MD5:F4FAC4E91AD208EBABE00C711E19FCCC
                                                                                                                                                                      SHA1:80C57FB14C93231AB823166950E89062E158A6CF
                                                                                                                                                                      SHA-256:D07277348D1E207E3B48CAE9C2EC1A41080836D5DB8142F2F29D0836A0E916B2
                                                                                                                                                                      SHA-512:1271ACD6A0ADC1FA4DD4C03E1443C252278E401A588553FFC4ADE4AD49FA561F68DCF9D60F20B5D224BD7B1A51D50D84DC802E16AFF5958B437E993D81441734
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R 7 0 R 8 0 R 9 0 R 10 0 R 11 0 R 12 0 R 13 0 R 14 0 R 15 0 R 16 0 R 18 0 R 19 0 R 20 0 R 22 0 R 23 0 R 24 0 R 27 0 R 28 0 R 29 0 R 30 0 R 31 0 R 32 0 R 34 0 R 36 0 R 37 0 R 38 0 R 39 0 R 40 0 R 41 0 R 42 0 R 43 0 R 44 0 R 45 0 R 46 0 R 47 0 R 50 0 R 51 0 R 52 0 R 53 0 R 54 0 R 55 0 R 56 0 R 57 0 R 58 0 R 59 0 R 60 0 R 61 0 R 62 0 R 63 0 R 64 0 R 65 0 R 66 0 R 67 0 R 68 0 R 69 0 R 70 0 R 71 0 R 72 0 R 73 0 R 74 0 R 75 0 R 76 0 R 77 0 R 78 0 R 79 0 R 80 0 R 81 0 R 82 0 R 85 0 R 87 0 R 88 0 R 89 0 R 90 0 R 91 0 R 92 0 R 93 0 R 96 0 R 97 0 R 98 0 R 99 0 R 100 0 R 101 0 R 102 0 R 103 0 R 104 0 R 105 0 R 106 0 R 107 0 R 108 0 R 109 0 R 110 0 R 111 0 R 112 0 R 113 0 R 114 0 R 115 0 R 117 0 R 118 0 R 121 0 R 122 0 R 123 0 R 124 0 R 125 0 R 126 0 R 127 0 R 128 0 R 129 0 R 130 0 R 131 0 R 132 0 R 133 0 R 134 0 R 135 0 R 137 0 R 138 0 R 139 0 R 140 0 R 141 0 R 142 0 R 144 0 R 145 0 R 146 0 R 147 0 R 148 0 R 14

                                                                                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\directories.acrodata

                                                                                                                                                                      Download File
                                                                                                                                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      File Type:FDF document, version 1.2
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):204
                                                                                                                                                                      Entropy (8bit):4.95139359640741
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:CLNd2lVY9wFaqIMiyuLJDmYu2xXsR4JMO0wr:CH2lVYuPIDmY9WKZ0wr
                                                                                                                                                                      MD5:F1DDD492A9D56497A6DCC1EE55204244
                                                                                                                                                                      SHA1:4D2C325C55E776731EA019CE180881B4824011DA
                                                                                                                                                                      SHA-256:897B30ACABF35DA4937B1B8258D30DD2F89CF64ADA8522B558D01EB503B7B85F
                                                                                                                                                                      SHA-512:1993D2E45176A47F699BF31F09C24BCE76806AC15023098A6FB89D52B748C2528196C0C337DC7142E8B4145D5A57AE88255D5E85238EC31F4D4F7FDCF543237A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%FDF-1.2.%......1 0 obj.<</DirectoryData<</Entries<<>>/Type/DirectoryData>>/Type/Catalog>>.endobj.xref..0 2..0000000000 65535 f..0000000016 00000 n..trailer..<</Size 2/Root 1 0 R>>..startxref..98..%%EOF..

                                                                                                                                                                      Static File Info

                                                                                                                                                                      General

                                                                                                                                                                      File type:PDF document, version 1.7 (zip deflate encoded)
                                                                                                                                                                      Entropy (8bit):7.930321142439076
                                                                                                                                                                      TrID:
                                                                                                                                                                      • Adobe Portable Document Format (5005/1) 100.00%
                                                                                                                                                                      File name:End of Year Accounting for The Estate of Janet Delesanti-2.pdf
                                                                                                                                                                      File size:13'329'417 bytes
                                                                                                                                                                      MD5:c37012ba15a5dd1c1ae109d07c4e6417
                                                                                                                                                                      SHA1:752014043e65f3bc49704cdae2a9e26a0a6fa82a
                                                                                                                                                                      SHA256:7a4fc14999cc545e5fc14502b74ee87e3d50b33c531eef64c6c531952f6f8394
                                                                                                                                                                      SHA512:57b15a43591bbfc39f6779654781102452d88e5643a4787844b29ebc31799d53f6163f39912e9a5cfc234618d40f3e7083f67f95891771226aca96e90900c833
                                                                                                                                                                      SSDEEP:393216:LN3YK9FiaRd5nm2g4evcfBlKIHAoxA8ihUCF:LN3YK3iaRd59gXvcfBMIAoUhNF
                                                                                                                                                                      TLSH:8ED6AF4B8E858656902D43F4BE074FAC5F5A2BAEA44136FF14174ECF3E20A135E9E06D
                                                                                                                                                                      File Content Preview:%PDF-1.7.%......1 0 obj.<</AcroForm 3150 0 R/Lang(en-US)/MarkInfo<</Marked true>>/Pages 3015 0 R/StructTreeRoot 33 0 R/Type/Catalog>>.endobj.3 0 obj.<</Contents 4 0 R/Group<</CS/DeviceRGB/S/Transparency/Type/Group>>/MediaBox[0 0 612 792]/Parent 2 0 R/Reso

                                                                                                                                                                      File Icon

                                                                                                                                                                      Icon Hash:62cc8caeb29e8ae0

                                                                                                                                                                      Static PDF Info

                                                                                                                                                                      General

                                                                                                                                                                      Header:%PDF-1.7
                                                                                                                                                                      Total Entropy:7.930321
                                                                                                                                                                      Total Bytes:13329417
                                                                                                                                                                      Stream Entropy:7.929497
                                                                                                                                                                      Stream Bytes:13138521
                                                                                                                                                                      Entropy outside Streams:5.128772
                                                                                                                                                                      Bytes outside Streams:190896
                                                                                                                                                                      Number of EOF found:1
                                                                                                                                                                      Bytes after EOF:

                                                                                                                                                                      Keywords Statistics

                                                                                                                                                                      NameCount
                                                                                                                                                                      obj1963
                                                                                                                                                                      endobj1963
                                                                                                                                                                      stream1846
                                                                                                                                                                      endstream1846
                                                                                                                                                                      xref0
                                                                                                                                                                      trailer0
                                                                                                                                                                      startxref1
                                                                                                                                                                      /Page114
                                                                                                                                                                      /Encrypt0
                                                                                                                                                                      /ObjStm12
                                                                                                                                                                      /URI0
                                                                                                                                                                      /JS0
                                                                                                                                                                      /JavaScript0
                                                                                                                                                                      /AA1
                                                                                                                                                                      /OpenAction0
                                                                                                                                                                      /AcroForm1
                                                                                                                                                                      /JBIG2Decode0
                                                                                                                                                                      /RichMedia0
                                                                                                                                                                      /Launch0
                                                                                                                                                                      /EmbeddedFile0

                                                                                                                                                                      Image Streams

                                                                                                                                                                      IDDHASHMD5Preview
                                                                                                                                                                      19000000000000000005cedba5db2bfcf40b91ddb4929069d92
                                                                                                                                                                      192000000000000000060da8e331f243aac93b3a7f478b780e0
                                                                                                                                                                      21069677f61656773631ddaf8fa0ba4fb13ef2fed17e989fb70
                                                                                                                                                                      213008a8a517055a3004199c7b9bb5554b8dab49998e40ae826
                                                                                                                                                                      2170c4d2c270f4c40888825bb0e1a8b6f2137739f13d661a47a

                                                                                                                                                                      Network Behavior

                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                      UDP Packets

                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                      Dec 24, 2024 16:13:56.161149979 CET5591353192.168.2.241.1.1.1
                                                                                                                                                                      Dec 24, 2024 16:13:56.824882984 CET5591353192.168.2.241.1.1.1
                                                                                                                                                                      Dec 24, 2024 16:14:02.019998074 CET6384053192.168.2.241.1.1.1
                                                                                                                                                                      Dec 24, 2024 16:14:38.760296106 CET5747653192.168.2.241.1.1.1
                                                                                                                                                                      Dec 24, 2024 16:14:40.823236942 CET5747653192.168.2.241.1.1.1
                                                                                                                                                                      Dec 24, 2024 16:14:47.575061083 CET5651153192.168.2.241.1.1.1
                                                                                                                                                                      Dec 24, 2024 16:14:48.076220036 CET5651153192.168.2.241.1.1.1
                                                                                                                                                                      Dec 24, 2024 16:14:48.214271069 CET53565111.1.1.1192.168.2.24
                                                                                                                                                                      Dec 24, 2024 16:14:49.146353006 CET5651153192.168.2.241.1.1.1
                                                                                                                                                                      Dec 24, 2024 16:14:50.007780075 CET5651153192.168.2.241.1.1.1

                                                                                                                                                                      DNS Queries

                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                      Dec 24, 2024 16:13:56.161149979 CET192.168.2.241.1.1.10x8808Standard query (0)srtb.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:13:56.824882984 CET192.168.2.241.1.1.10xe220Standard query (0)assets.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:02.019998074 CET192.168.2.241.1.1.10x51c0Standard query (0)tse1.mm.bing.netA (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:38.760296106 CET192.168.2.241.1.1.10xd0b1Standard query (0)ims-na1.adobelogin.comA (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:40.823236942 CET192.168.2.241.1.1.10x2301Standard query (0)res.public.onecdn.static.microsoftA (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:47.575061083 CET192.168.2.241.1.1.10x295eStandard query (0)assets.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:48.076220036 CET192.168.2.241.1.1.10x75ddStandard query (0)c.pki.googA (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:49.146353006 CET192.168.2.241.1.1.10xa45Standard query (0)aefd.nelreports.netA (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:50.007780075 CET192.168.2.241.1.1.10x4c2fStandard query (0)x1.c.lencr.orgA (IP address)IN (0x0001)false

                                                                                                                                                                      DNS Answers

                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                      Dec 24, 2024 16:13:56.298405886 CET1.1.1.1192.168.2.240x8808No error (0)srtb.msn.comwww.msn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:13:56.298405886 CET1.1.1.1192.168.2.240x8808No error (0)www.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:13:56.962816000 CET1.1.1.1192.168.2.240xe220No error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:02.160288095 CET1.1.1.1192.168.2.240x51c0No error (0)tse1.mm.bing.netmm-mm.bing.net.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:02.160288095 CET1.1.1.1192.168.2.240x51c0No error (0)ax-0001.ax-msedge.net150.171.27.10A (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:02.160288095 CET1.1.1.1192.168.2.240x51c0No error (0)ax-0001.ax-msedge.net150.171.28.10A (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:22.949714899 CET1.1.1.1192.168.2.240xd73cNo error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:22.949714899 CET1.1.1.1192.168.2.240xd73cNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:28.346852064 CET1.1.1.1192.168.2.240x65f9No error (0)resources-prod.licensingstack.com18.161.92.206A (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:39.061300993 CET1.1.1.1192.168.2.240xd0b1No error (0)ims-na1.adobelogin.comadobelogin-weighted.prod.ims.adobejanus.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:39.061300993 CET1.1.1.1192.168.2.240xd0b1No error (0)adobelogin-weighted.prod.ims.adobejanus.comims-na1.adobelogin.com.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:41.072190046 CET1.1.1.1192.168.2.240x2301No error (0)res.public.onecdn.static.microsoftres-ocdi-public.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:41.072190046 CET1.1.1.1192.168.2.240x2301No error (0)res-2.public.onecdn.static.microsoftcdn-office.azureedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:41.072190046 CET1.1.1.1192.168.2.240x2301No error (0)scdn1cc4b.wpc.9aea3.sigmacdn.netsni1gl.wpc.sigmacdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:41.072190046 CET1.1.1.1192.168.2.240x2301No error (0)sni1gl.wpc.sigmacdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:47.855962038 CET1.1.1.1192.168.2.240x295eNo error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:48.214271069 CET1.1.1.1192.168.2.240x75ddNo error (0)c.pki.googpki-goog.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:48.214271069 CET1.1.1.1192.168.2.240x75ddNo error (0)pki-goog.l.google.com142.250.181.99A (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:49.283792973 CET1.1.1.1192.168.2.240xa45No error (0)aefd.nelreports.netaefd.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:50.145914078 CET1.1.1.1192.168.2.240x4c2fNo error (0)x1.c.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:51.886831999 CET1.1.1.1192.168.2.240x1f48No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comdefault.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:51.886831999 CET1.1.1.1192.168.2.240x1f48No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.98A (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:51.886831999 CET1.1.1.1192.168.2.240x1f48No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.99A (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:51.886831999 CET1.1.1.1192.168.2.240x1f48No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.101A (IP address)IN (0x0001)false
                                                                                                                                                                      Dec 24, 2024 16:14:51.886831999 CET1.1.1.1192.168.2.240x1f48No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.100A (IP address)IN (0x0001)false

                                                                                                                                                                      Statistics

                                                                                                                                                                      CPU Usage

                                                                                                                                                                      Click to jump to process

                                                                                                                                                                      Memory Usage

                                                                                                                                                                      Click to jump to process

                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                      Behavior

                                                                                                                                                                      Click to jump to process

                                                                                                                                                                      System Behavior

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:1
                                                                                                                                                                      Start time:10:14:03
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\End of Year Accounting for The Estate of Janet Delesanti-2.pdf"
                                                                                                                                                                      Imagebase:0x7ff77a4a0000
                                                                                                                                                                      File size:5'887'384 bytes
                                                                                                                                                                      MD5 hash:4354BCD7483AABB81809350484FFD58F
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:5
                                                                                                                                                                      Start time:10:14:06
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                                                                                                                                                                      Imagebase:0x7ff641ba0000
                                                                                                                                                                      File size:12'292'504 bytes
                                                                                                                                                                      MD5 hash:1C26C611BFACED153F60CB1653A8745D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:6
                                                                                                                                                                      Start time:10:14:06
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8232
                                                                                                                                                                      Imagebase:0x7ff641ba0000
                                                                                                                                                                      File size:12'292'504 bytes
                                                                                                                                                                      MD5 hash:1C26C611BFACED153F60CB1653A8745D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:8
                                                                                                                                                                      Start time:10:14:08
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                                                                                                      Imagebase:0x7ff6b2a40000
                                                                                                                                                                      File size:3'661'208 bytes
                                                                                                                                                                      MD5 hash:B104218348848F1F113AF11C0982931A
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:10
                                                                                                                                                                      Start time:10:14:11
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1652,i,9816887814325324639,16998118217230622433,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                                                                                      Imagebase:0x7ff6b2a40000
                                                                                                                                                                      File size:3'661'208 bytes
                                                                                                                                                                      MD5 hash:B104218348848F1F113AF11C0982931A
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:11
                                                                                                                                                                      Start time:10:14:12
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
                                                                                                                                                                      Imagebase:0x4d0000
                                                                                                                                                                      File size:218'280 bytes
                                                                                                                                                                      MD5 hash:92366A2F482926C3D0DD02D6F952F742
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:14
                                                                                                                                                                      Start time:10:14:13
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:8088
                                                                                                                                                                      Imagebase:0x7ff7e7b40000
                                                                                                                                                                      File size:3'586'968 bytes
                                                                                                                                                                      MD5 hash:D54E48D4768DA60C8C28AF49D2862EE7
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:16
                                                                                                                                                                      Start time:10:14:16
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=1512 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:2
                                                                                                                                                                      Imagebase:0x7ff786c30000
                                                                                                                                                                      File size:474'528 bytes
                                                                                                                                                                      MD5 hash:655A56A11FF0E2F0A6078D9DC2A79461
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:17
                                                                                                                                                                      Start time:10:14:16
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=1912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:8
                                                                                                                                                                      Imagebase:0x7ff786c30000
                                                                                                                                                                      File size:474'528 bytes
                                                                                                                                                                      MD5 hash:655A56A11FF0E2F0A6078D9DC2A79461
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:18
                                                                                                                                                                      Start time:10:14:18
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --first-renderer-process --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=5260462015 --mojo-platform-channel-handle=2180 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
                                                                                                                                                                      Imagebase:0x7ff786c30000
                                                                                                                                                                      File size:474'528 bytes
                                                                                                                                                                      MD5 hash:655A56A11FF0E2F0A6078D9DC2A79461
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:19
                                                                                                                                                                      Start time:10:14:18
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=5261158621 --mojo-platform-channel-handle=2268 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
                                                                                                                                                                      Imagebase:0x7ff786c30000
                                                                                                                                                                      File size:474'528 bytes
                                                                                                                                                                      MD5 hash:655A56A11FF0E2F0A6078D9DC2A79461
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:21
                                                                                                                                                                      Start time:10:14:23
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --mojo-platform-channel-handle=2400 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:2
                                                                                                                                                                      Imagebase:0x7ff786c30000
                                                                                                                                                                      File size:474'528 bytes
                                                                                                                                                                      MD5 hash:655A56A11FF0E2F0A6078D9DC2A79461
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      General

                                                                                                                                                                      Target ID:23
                                                                                                                                                                      Start time:10:14:36
                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --launch-time-ticks=5279044279 --mojo-platform-channel-handle=2912 --field-trial-handle=1680,i,5279835371788169838,14382164728314779093,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1
                                                                                                                                                                      Imagebase:0x7ff786c30000
                                                                                                                                                                      File size:474'528 bytes
                                                                                                                                                                      MD5 hash:655A56A11FF0E2F0A6078D9DC2A79461
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Disassembly

                                                                                                                                                                      No disassembly