Windows Analysis Report
New Vendor Setup Form (1).pdf

ID:	1528507
Product:	CloudBasic
Start time:	00:20:41
Start date:	08.10.2024
Sample:	New Vendor Setup Form (1).pdf
Cookbook:	defaultwindowspdfcookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	a5e16d4ae1897b79c40b974a9a87cbb7
SHA1:	459c04f1ef78bc954f79ae72005c6535367ce7a6
SHA256:	bde712d7f3521fb86d53826f9de2b96d744cd6692f3334fb80861dd4cc299c7c
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	3B44C0E8DA76431C84988508AAC5578B	2AA1B5B98C1ADA1D4A039804841B0BEBA8265FFE	9B5139C5E72CF82D75342F95B88EDE3FAA18B570A6DD9C30A8DF711D0CCD147A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)	ASCII text	3B44C0E8DA76431C84988508AAC5578B	2AA1B5B98C1ADA1D4A039804841B0BEBA8265FFE	9B5139C5E72CF82D75342F95B88EDE3FAA18B570A6DD9C30A8DF711D0CCD147A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG	ASCII text	4A2D88D6BF0FF7282BC72F983282B02C	4D13E3D9C140F704E64639F7A0E8854FDB4E8872	D3579F82B538D48711CAE2614681A0B2CB39FB2CCEFE35E78EF18E374750A7C4
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)	ASCII text	4A2D88D6BF0FF7282BC72F983282B02C	4D13E3D9C140F704E64639F7A0E8854FDB4E8872	D3579F82B538D48711CAE2614681A0B2CB39FB2CCEFE35E78EF18E374750A7C4
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9bdd16a5-4475-4469-b51f-d73b141b3b18.tmp	JSON data	F3C04766430A66A9C9D0BCF86530B908	49642D4746CAE4628931932AA4DE5C74BD5B3304	25D2EC21FCDEA0D34BD3B15D4D89CA17732320575E45FE2AC411E52C65DAA54F
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)	JSON data	F3C04766430A66A9C9D0BCF86530B908	49642D4746CAE4628931932AA4DE5C74BD5B3304	25D2EC21FCDEA0D34BD3B15D4D89CA17732320575E45FE2AC411E52C65DAA54F
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log	data	2C9E11F033D9978F1EC645AA01A8EB38	8C4E84791342754C564D56DBD7B59E61DD3D1C92	C28C54477FBEFA431D4868046008B51113CEBC18A5F7FEDE8F46F6571D3837A1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG	ASCII text	1B727FF71223591B7EB72BFC4DE299AE	A178FADCBF2805736290697AE299C1B2A68EFEA1	2085C1FC423B789D00428E06B7C606EA6E058532E63CEBA4A4C4BB8FB48CE330
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)	ASCII text	1B727FF71223591B7EB72BFC4DE299AE	A178FADCBF2805736290697AE299C1B2A68EFEA1	2085C1FC423B789D00428E06B7C606EA6E058532E63CEBA4A4C4BB8FB48CE330
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db	SQLite 3.x database, last written using SQLite version 3040000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1	863BB379B267B2404CB64A3BC9B4A650	139EDCE2C64569B81175543D1DE743EF474F4432	F7C1BC02F430EBD015E45159D9FD9E18643C4CDCCBB7E7733A248C8393CAA88C
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal	SQLite Rollback Journal	B36E0C46C38A4DD96B44ABF78B223D45	86A5613DA151A355AEC8A97692984D8798B25506	96C999B11F2DD96EDE35AE38F10DEF85CD49308FFAB52098BB7A11AE1E2C1236
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm	data	2B6ECB9BC4AB0C66FBB149FDB1C2E708	EC2A5287AE0758EEA40B320533B6508101AC4E10	3412618991B4CDF7A42E8AAE1A9995D348771127FFD0EE10200A4F215482D9F9
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal	SQLite Write-Ahead Log, version 3007000	38A27A313C89DBC12250BB0C157FEB17	C493795B6F09D1FC31EF65C2D9DBBBC6135CB76B	3E49E3E6194F4381748FA7ED309B889D5D19260143970189D253538968A6341A
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-10-07.log	ASCII text, with CRLF line terminators	0DB6403524BBF70344169849C234CBD4	7E99FEA8E22C5A8C1C2428221E45F7BBF3AE59E5	6160EB96B0E2DF26430CFCD15DA651B8CBF0D1F6B86DFBF655EFC44EF0D03071
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-10-08.log	ASCII text, with CRLF line terminators	B51A9B6C5089D7A5926FA12CA732B6D2	1C6CFF08481FEB0374839EC0321CB5A4A0F06493	1EC3378773616C980DA634050F49781078398BC0CC5C0FA42DBFBF0C66F684C4
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230	SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 8, cookie 0x3, schema 4, UTF-8, version-valid-for 1	F391306DD8BAA3198B26D3C80A906E19	6CD1B24D186F1CC68BF9097177DA5676C4A56422	62604481C477AF3F8813122011B9CEC6DDEE9A3992F3FAFE236E3E92FC62E680
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal	SQLite Rollback Journal	5699F78C9758177B4A398607E0E030D9	BA1A4644452A8E3C3B1109782D36005223396153	A59B59958A9DE605D80F4720C40F32341EC2433CACEAF8E19051B66279FFF32E
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007222153Z-557.bmp	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54	7AF178E88EFD5D51B59535F51978CB48	FC09E40B1D75AA9FBC75EC8C30C9F47FD9C46C7A	9EF52B7DCAC61AC3DC89D1B89348956D6F2C44234800CACE2323C0CC934A9BD5
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3040000, file counter 3, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 3	91601BBC3677DB9834BECC24318AD3CC	CE72912344427A173555C0ADD971A7623EACEC1A	20A12CEB4CDD754337B5C8D377C157BF3249F63B3B3F3DB2E9F7FFBA9C2897B6
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	1DF733A238B1DF428EBEC2BF62C6B895	2C34E50237A5504B1E3F07269CF722235E680D12	2419262B19EE6B3D84BC93885760F92AD0FCD83A532935362F0FF98010A51416
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer	SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 23, cookie 0x11, schema 4, UTF-8, version-valid-for 1	DCD066A1C8CA38D94ACA4E5DF6CA20BF	0C670E7CB31FE1CFD952082C3629AD8861BFD799	E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal	SQLite Rollback Journal	B69EF77B9B9372FB97BC938CE229E088	39BA998FCE5A6F655D4FD8281F492BB7ED998E28	901F96CC32581921A11C774C3CC8487088565BAACE4D35AF32BE9EC2FFECCF17
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D	Certificate, Version=3	0CD2F9E0DA1773E9ED864DA5E370E74E	CABD2A79A1076A31F21D253635CB039D4329A5E8	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D	data	D36FB66E41309508B1CD1AF698971B6F	583283F69D553F64112FC9F850D2A36832ED504F	08D09C0FBB41E942A5D212B458E4404D93DBAACCAD4359F4B980EC4DBE397CB7
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat	data	87EDBEE38F56C20298F25D5D3D4D1B5C	7F904E9615AC3186A87472EF366DD8202855B0B7	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID	JSON data	0E6CE6336DEE5F9965C94200566FBBD5	DEC02951A747FEEC343DD0FCCB7DADEE5AE21395	2E14C580445A10F202A843D79FD8ED3B97BA6967B4C5C7C64119218DABF5FF4C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface	JSON data	2053A0EB88B01E564E096F5962644CC3	D99C5F95E0B4BFA5E5E81BED037AFF3416735DC6	7EEA2CA91533C580B6AD50F050308755CCA3384A9C2B07689BBBEEE1863CEE25
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface	JSON data	E5753CF97849019E6D22C2A67373E15C	92700E2794763FE05C84518E22E180C8C949ECBE	17920BD587AE3F63A349EF445FA7AA7714DA6E1699205412918723D69A256F8D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD	JSON data	C760954E7184A66C456BB8F49CAD4B53	5D7B328DE2B9E2A12AE90C8058F5896578F8EA57	E035AADFD71B940B3F22B701DD2719DD13FBAC2120CD2C3E408D1DBFA71C8343
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner	JSON data	747117D6F7F858133CA8BBA02EF8B2A8	9A3658B1689DAA18CD7FBA63E6573D497328EA29	BF231659BF523676A0C54ED4B1EA9C7FFCA3A41CBCF88C34A8624DA84EE840F8
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner	JSON data	675F2EF667BEA1D9F9E09F2C7D6B58CA	2A8FF36CFB2E2F8486019C404891D33666F65CF7	49C001C1929102616474A26D48A8B594F0D1D79D353B023A772E55BDDDCD5B55
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention	JSON data	327B3EF1E1C00B1972E991C3AA047FF5	45632B5A1127775934BB0C10AC00D954DDDBA853	23DB8B2EEE321C7E4BCF0E56447801275ED4A1F24A4E71A5D821216E03085637
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner	JSON data	F2CF077C37FFAD6BB5FDA67B7615EF4F	EBC6F630AA93953921B4E0922D04C6189A777782	4C28CE7ADE74BF58025A5248C40B72B2FFBA7C896EF61080769CE1160BB58C3F
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner	JSON data	F7D92C6ABF0DA807FA6205645125F5B2	9C7EABA7D96AF87665B3FCD5171E279A7FEDE31F	CF2976C3EB524384FFF7BA5877343C9432A0991FFA308161554703B5ED533A37
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner	JSON data	63CAE4D7C81C25D31038C930264DD6C6	B7EB6087C32DAFDE547AE1BC36E510650C3FB023	5759D4B1AC91970018FDFF92682B7A4837D8842C008D53557BC3642590814AD3
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner	JSON data	50BFDE366144BC85B7BE3D0B0A528719	4A9C765ACB2C38DF37620607F6C08C7F8D12A5F3	76F52F8B24BA2BB7332103BCBC6D35118E838D8C7265D78E29D06095F21D6575
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner	JSON data	B2C8D531B1161F6744AFD5EF4F799BFB	0C6D3A911F2E67593217270F2A1C659E70657B10	A90FC382AFC12647FE92DBAC8DA2DB4077D2074ECD36758FA9F32C7957F95236
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention	JSON data	C6A7C904E6F37589E557FE4BC89D9EFB	6050D7FBEF18D597C506E89F64DDDC90C1B431F5	F6F54AFE50A4356FBEF40A1018F8FE8A40697080706EBAE57F51408B04D620C9
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner	JSON data	8F8D5C983F195C4FFEE6609E35F88832	837613690D774FDE38C43074550EC153605773C4	BD36C88CF191474DB8F00C6F27B4ADADCC87E460594539DE9DFB9F0F512ADE7D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards	JSON data	A04E056F5483BD57A9A14AD269353FA6	6100909D7D0647C01CF2358935CE2EC6AFF9B62A	F522493B6DA77EE6BF29E0B2F55A1E5F1844378FBBC1C5F8B3CC80B9AD503E2B
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020	JSON data	ED4BA1E0531788796C6CA570FBB7756B	5EC46100F9EAD168915B33FE5D74B8160DB636F2	573D4A429B8B4CBD86CCC60F77CCA817E72079E118F619CB988DE42DBFDD1FE8
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json	JSON data	D58D39118D386F1CC0CCEE75BC4C1095	82B884DE9D5A7646CBCE4DC6A44DBC822DD6FD53	1CD1BF9ABD042B7A840975A4A2776D9BC824B23BC2DC901B9C98F90AC70160DA
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	SQLite 3.x database, last written using SQLite version 3040000, file counter 30, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 30	F1CFD7B0D614D7D28947BF0D14CCDB32	162736B8F739E414756BC08C99F611DDAB1BFC6A	5FEC2781961DA7CE6E5EBD5E70E88B3F225F9925FD495755A493C70815840C5E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal	SQLite Rollback Journal	FC16D769099DA18E2591DB667E915F1D	6D1D1A3DC199F414FEA1B2283B83B8E3237D16EE	851971C9AF3ED67E4FD148D8B27B103E657D3B8AE303F660D701CF60680C9218
C:\Users\user\AppData\Local\Temp\MSI96291.LOG	Unicode text, UTF-16, little-endian text, with CRLF line terminators	FB9C9E2D69173E6436159FF857280DCD	18D3A96AFF484D1848D4DA07E9A195F1B423CA01	880EE49ED5DCAF948EB28AD9483E9C3CCD7D9DC10F79F6B18142E9E978FC4F94
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A910kwo7h_17dcpi8_4wc.tmp	PDF document, version 1.6, 0 pages	F58D5C277415F8A86E9D1D42A518B80A	9F045FDB4B8F84352F7B1E416558E6CEB065F3CF	43B4603FCDA62203D88932A78D6C8C39327D1C6741EBC87374F93875D3016F72
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91pmr227_17dcpig_4wc.tmp	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)	BA1716D4FB435DA6C47CE77E3667E6A8	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 18-21-51-088.log	ASCII text, with very long lines (393)	1336667A75083BF81E2632FABAA88B67	46E40800B27D95DAED0DBB830E0D0BA85C031D40	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log	ASCII text, with very long lines (393), with CRLF line terminators	45BFEEA466147FF581ED2E3C381A8A40	DE150B0D1EC6151680687C8BD9CC06BBA93173E0	52BE775B6B39BAE59F97A52B9D0142068BDEAAA1F7CAD42F61DE7A2C6B2A457D
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt	ASCII text, with CRLF line terminators	82CFAC9E0D65168688FE8ED777BFBD6A	4DAA3FD6F0D9541BC28F2842F032F71EDD15C0F7	9CCB5F34B2E3135D85333B4DAF7D464B89D47F493E36FEB454EF50C60992D02D
C:\Users\user\AppData\Local\Temp\acrocef_low\1ece06d6-8e37-4386-92d8-5ac163533c6c.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142	8BB0FA47E49F27DE069D5487A9A84EF3	CE5CEA72D4D36F77C3057920EA61D280E66C6067	59D05E069918050C54C570005FAD7FB3918D9882759A54BDA30EA71A199893D1
C:\Users\user\AppData\Local\Temp\acrocef_low\b1c8ff15-d39e-4ddc-ae96-1e7b0f8a80c5.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290	9543A6C1DE815E938F6AA0F90F2EF0C6	62B527E0463D71548862DE000950E638F3721582	8A4B4F588D79D2AF9E617936932D8264DF9017D80A68F8D39E5EA36B14D76F1D
C:\Users\user\AppData\Local\Temp\acrocef_low\b35ee3df-6683-4531-b949-634a6812bb1c.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538	3A49135134665364308390AC398006F1	28EF4CE5690BF8A9E048AF7D30688120DAC6F126	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
C:\Users\user\AppData\Local\Temp\acrocef_low\bcbe10cb-50b2-4424-a75a-d649e7ffb5cc.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022	5C48B0AD2FEF800949466AE872E1F1E2	337D617AE142815EDDACB48484628C1F16692A2F	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings	ASCII text	DD4A3BD8B9FF61628346391EA9987E1D	474076C122CACAAF112469FC62976BB69187AA2B	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl	data	7113425405A05E110DC458BBF93F608A	88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF	7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl	data	5274D23C3AB7C3D5A4F3F86D4249A545	8A3778F5083169B281B610F2036E79AEA3020192	8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata	ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators	32FCA302C8B872738373D7CCB1E75FD4	DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1	CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6

Software Vulnerabilities

Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org

Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443

Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443

Networking

Source: global traffic

HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 2D85F72862B55C4EADD9E66E06947F3D0.15.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: FullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: FullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: FullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSd
Source: FullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSk
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3069010031.000001084BA48000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354358422.000001084BA49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.
Source: AdobeCollabSync.exe, 00000003.00000003.2687947932.0000010849C68000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3353627468.0000010849C68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas/bulk_entity_v1.json
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas/entit0n3
Source: AdobeCollabSync.exe, 00000003.00000003.3069010031.000001084BA48000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354358422.000001084BA49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas/entitc
Source: AdobeCollabSync.exe, 00000003.00000002.3354358422.000001084BA49000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas/entity_v1.json
Source: AdobeCollabSync.exe, 00000003.00000002.3354358422.000001084BA49000.00000004.00000020.00020000.00000000.sdmp, EntitySync-2024-10-07.log.3.dr	String found in binary or memory: https://comments.adobe.io/sync/
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/-
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/0
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/697:
Source: AdobeCollabSync.exe, 00000003.00000003.2688127864.000001084BD1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/76v
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/A
Source: AdobeCollabSync.exe, 00000003.00000003.2688167400.000001084BD19000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354563857.000001084BD1A000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3180799658.000001084BD1A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/G3
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/H
Source: AdobeCollabSync.exe, 00000003.00000003.2688167400.000001084BD19000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354563857.000001084BD1A000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3180799658.000001084BD1A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/P
Source: AdobeCollabSync.exe, 00000003.00000003.2688167400.000001084BD19000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354563857.000001084BD1A000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3180799658.000001084BD1A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/c3u
Source: AdobeCollabSync.exe, 00000003.00000003.2688167400.000001084BD19000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3180799658.000001084BD1A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/~&
Source: AdobeCollabSync.exe, 00000003.00000003.2687947932.0000010849C68000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3353627468.0000010849C68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.ions
Source: AdobeCollabSync.exe, 00000003.00000003.2687947932.0000010849C68000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3353627468.0000010849C68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.ios
Source: AdobeCollabSync.exe, 00000002.00000002.3352938603.00000282276CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comR
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reviews.adobe.io
Source: FullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/g

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443

System Summary

Source: classification engine

Classification label: clean2.winPDF@41/59@2/1

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A910kwo7h_17dcpi8_4wc.tmp

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084B9D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS resource_revisions ( revision_id TEXT PRIMARY KEY NOT NULL, rel_to_content_item TEXT NOT NULL, resource_type TEXT NOT NULL, media_type TEXT NOT NULL, locator TEXT NOT NULL, committed INTEGER NOT NULL, hashType TEXT DEFAULT NULL, hash TEXT DEFAULT NULL, storageSize INTEGER DEFAULT 0, width INTEGER DEFAULT 0, height INTEGER DEFAULT 0);
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084B9D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS content_item_revisions( content_item_revision_id TEXT PRIMARY KEY NOT NULL, cloud_etag TEXT DEFAULT NULL, cloud_version_id TEXT DEFAULT NULL, updated TIMESTAMP DEFAULT NULL, acl TEXT DEFAULT NULL, local_etag TEXT DEFAULT NULL, local_version_id TEXT DEFAULT NULL, request_id TEXT DEFAULT NULL, content_name TEXT DEFAULT NULL);
Source: AdobeCollabSync.exe, 00000003.00000003.2688084293.000001084BA48000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3069010031.000001084BA48000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354358422.000001084BA49000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests;
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084B9D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS resource_revisions ( revision_id TEXT PRIMARY KEY NOT NULL, rel_to_content_item TEXT NOT NULL, resource_type TEXT NOT NULL, media_type TEXT NOT NULL, locator TEXT NOT NULL, committed INTEGER NOT NULL, hashType TEXT DEFAULT NULL, hash TEXT DEFAULT NULL, storageSize INTEGER DEFAULT 0, width INTEGER DEFAULT 0, height INTEGER DEFAULT 0);O

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\New Vendor Setup Form (1).pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1472
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6352
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1088
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5236
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2680
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2992
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1524,i,8648760949684156529,1724978059203320753,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1472			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6352			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1088			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5236
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2680
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2992
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1524,i,8648760949684156529,1724978059203320753,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vccorlib140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: appcontracts.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cdprt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cdp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: wldp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: dsreg.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: onecoreuapcommonproxystub.dll

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: New Vendor Setup Form (1).pdf	Initial sample: PDF keyword /JS count = 0
Source: New Vendor Setup Form (1).pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A910kwo7h_17dcpi8_4wc.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A910kwo7h_17dcpi8_4wc.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: New Vendor Setup Form (1).pdf

Initial sample: PDF keyword /Page count = 34

Source: New Vendor Setup Form (1).pdf

Initial sample: PDF keyword startxref count = 34

Source: New Vendor Setup Form (1).pdf

Initial sample: PDF keyword stream count = 303

Source: New Vendor Setup Form (1).pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: New Vendor Setup Form (1).pdf

Initial sample: PDF keyword /ObjStm count = 11

Source: New Vendor Setup Form (1).pdf

Initial sample: PDF keyword endobj count = 651

Source: New Vendor Setup Form (1).pdf

Initial sample: PDF keyword endstream count = 303

Source: New Vendor Setup Form (1).pdf

Initial sample: PDF eof value = 34

Source: New Vendor Setup Form (1).pdf

Initial sample: PDF keyword obj count = 651

Hooking and other Techniques for Hiding and Protection

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Thread delayed: delay time: 86400000

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000			Jump to behavior

Source: AdobeCollabSync.exe, 0000000B.00000002.2167990716.000002070ABD8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt8
Source: AdobeCollabSync.exe, 0000000B.00000002.2167990716.000002070ABD8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AdobeCollabSync.exe, 00000006.00000002.2125381057.000001EC253D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll>
Source: AdobeCollabSync.exe, 00000002.00000002.3352938603.00000282275EC000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3353454670.0000010849C29000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000004.00000002.2106924837.000001C83ACF8000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000005.00000002.2105607441.0000018041BC9000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000002.2124502572.000001B6EE46A000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000008.00000002.2148975790.00000197AC658000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000009.00000002.2147827502.00000212CC768000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000002.2169540270.000001FD8A708000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000D.00000002.2190041452.000002971B7B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AdobeCollabSync.exe, 0000000C.00000002.2191404427.0000015CA6858000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]]

Language, Device and Operating System Detection

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior