Windows Analysis Report https://r1.ddlnk.net/43OD-158SX-3EYFX4-Z9XP4-1/c.aspx

Overview

General Information

Sample URL: https://r1.ddlnk.net/43OD-158SX-3EYFX4-Z9XP4-1/c.aspx
Analysis ID: 483797
Infos:

Most interesting Screenshot:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\6368_1291508250\LICENSE.txt Jump to behavior
Source: unknown DNS traffic detected: queries for: r1.ddlnk.net
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: global traffic HTTP traffic detected: GET /43OD-158SX-3EYFX4-Z9XP4-1/c.aspx HTTP/1.1Host: r1.ddlnk.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: r1.ddlnk.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://r1.ddlnk.net/43OD-158SX-3EYFX4-Z9XP4-1/c.aspxAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /cmpdoc/9/8/3/1/9/1/files/80819_stopping-driving-leaflet-updated-2016.pdf?dm_i=43OD,158SX,3EYFX4,58SMN,1 HTTP/1.1Host: i.emlfiles4.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://r1.ddlnk.net/43OD-158SX-3EYFX4-Z9XP4-1/c.aspxAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: Ruleset Data.0.dr String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Ruleset Data.0.dr String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: AcroRd32.exe, 00000007.00000002.1186930233.000000000C93A000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000007.00000002.1186930233.000000000C93A000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/(15)
Source: AcroRd32.exe, 00000007.00000002.1186930233.000000000C93A000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/1.0/K
Source: AcroRd32.exe, 00000007.00000002.1187021265.000000000C9C6000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000007.00000002.1187021265.000000000C9C6000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/XA
Source: AcroRd32.exe, 00000007.00000002.1186425705.000000000C68A000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000007.00000002.1186425705.000000000C68A000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/1u
Source: AcroRd32.exe, 00000007.00000002.1186425705.000000000C68A000.00000004.00000001.sdmp String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000007.00000002.1186425705.000000000C68A000.00000004.00000001.sdmp String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/s
Source: AcroRd32.exe, 00000007.00000002.1193332711.000000000CEE3000.00000004.00000001.sdmp String found in binary or memory: http://wwobe.com/go/ipmre0Q9(1&
Source: AcroRd32.exe, 00000007.00000002.1192187229.000000000CEBD000.00000004.00000001.sdmp String found in binary or memory: http://www.adobe.co
Source: AcroRd32.exe, 00000007.00000002.1192187229.000000000CEBD000.00000004.00000001.sdmp String found in binary or memory: http://www.adobe.coor24_12_0_0Learn
Source: AcroRd32.exe, 00000007.00000002.1183291701.000000000A401000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000007.00000002.1187021265.000000000C9C6000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/-29/m#
Source: AcroRd32.exe, 00000007.00000002.1186425705.000000000C68A000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000007.00000002.1183291701.000000000A401000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/field#Text
Source: AcroRd32.exe, 00000007.00000002.1186425705.000000000C68A000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/field#y#
Source: AcroRd32.exe, 00000007.00000002.1186930233.000000000C93A000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000007.00000002.1183291701.000000000A401000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000007.00000002.1183291701.000000000A401000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/property#)
Source: AcroRd32.exe, 00000007.00000002.1183291701.000000000A401000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/property#orx
Source: AcroRd32.exe, 00000007.00000002.1186425705.000000000C68A000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000007.00000002.1186425705.000000000C68A000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#)#
Source: AcroRd32.exe, 00000007.00000002.1183291701.000000000A401000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000007.00000002.1183291701.000000000A401000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/type#(P))0
Source: AcroRd32.exe, 00000007.00000002.1183291701.000000000A401000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/type#ent
Source: AcroRd32.exe, 00000007.00000002.1186930233.000000000C93A000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000007.00000002.1186930233.000000000C93A000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/F
Source: AcroRd32.exe, 00000007.00000002.1186930233.000000000C93A000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/W
Source: AcroRd32.exe, 00000007.00000002.1193583428.000000000CF82000.00000004.00000001.sdmp String found in binary or memory: http://www.berkshirehealthcare.nhs.uk
Source: AcroRd32.exe, 00000007.00000002.1193583428.000000000CF82000.00000004.00000001.sdmp String found in binary or memory: http://www.mobility-centres.org.uk
Source: AcroRd32.exe, 00000007.00000002.1193583428.000000000CF82000.00000004.00000001.sdmp String found in binary or memory: http://www.mobility-centres.org.ukd#
Source: AcroRd32.exe, 00000007.00000002.1186930233.000000000C93A000.00000004.00000001.sdmp String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000007.00000002.1186930233.000000000C93A000.00000004.00000001.sdmp String found in binary or memory: http://www.npes.org/pdfx/ns/id/:
Source: AcroRd32.exe, 00000007.00000002.1186930233.000000000C93A000.00000004.00000001.sdmp String found in binary or memory: http://www.npes.org/pdfx/ns/id/?
Source: AcroRd32.exe, 00000007.00000000.721092766.00000000089D3000.00000004.00000001.sdmp String found in binary or memory: http://www.quicktime.com.Acrobat
Source: AcroRd32.exe, 00000007.00000002.1186666593.000000000C81E000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000007.00000002.1186666593.000000000C81E000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/D-
Source: AcroRd32.exe, 00000007.00000002.1186666593.000000000C81E000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/M-
Source: AcroRd32.exe, 00000007.00000002.1186666593.000000000C81E000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/R-
Source: AcroRd32.exe, 00000007.00000002.1185169965.000000000A8CC000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000007.00000002.1185169965.000000000A8CC000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/7
Source: AcroRd32.exe, 00000007.00000002.1185169965.000000000A8CC000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/bx
Source: manifest.json0.0.dr, 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://accounts.google.com
Source: AcroRd32.exe, 00000007.00000002.1193801425.000000000D03C000.00000004.00000001.sdmp, AcroRd32.exe, 00000007.00000002.1186349084.000000000C642000.00000004.00000001.sdmp String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000007.00000002.1186349084.000000000C642000.00000004.00000001.sdmp String found in binary or memory: https://api.echosign.comRL
Source: manifest.json0.0.dr, 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://apis.google.com
Source: 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.0.dr String found in binary or memory: https://content.googleapis.com
Source: 14482012-67cb-424e-bd8b-28848397d2bf.tmp.2.dr, 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 3778b359-985c-4620-9a11-a3d98e20d50b.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.googleapis.com;
Source: 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.0.dr String found in binary or memory: https://hangouts.google.com/
Source: 000003.log3.0.dr, History-journal.0.dr, History.0.dr String found in binary or memory: https://i.emlfiles4.com/cmpdoc/9/8/3/1/9/1/files/80819_stopping-driving-leaflet-updated-2016.pdf?dm_
Source: AcroRd32.exe, 00000007.00000002.1182266599.0000000008D34000.00000004.00000001.sdmp String found in binary or memory: https://ims-na1.adobelogin.com
Source: 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://play.google.com
Source: Current Session.0.dr, History-journal.0.dr, History.0.dr String found in binary or memory: https://r1.ddlnk.net/43OD-158SX-3EYFX4-Z9XP4-1/c.aspx
Source: History.0.dr String found in binary or memory: https://r1.ddlnk.net/43OD-158SX-3EYFX4-Z9XP4-1/c.aspx/
Source: History Provider Cache.0.dr String found in binary or memory: https://r1.ddlnk.net/43OD-158SX-3EYFX4-Z9XP4-1/c.aspx2
Source: History Provider Cache.0.dr String found in binary or memory: https://r1.ddlnk.net/43OD-158SX-3EYFX4-Z9XP4-1/c.aspx2:
Source: History-journal.0.dr String found in binary or memory: https://r1.ddlnk.net/43OD-158SX-3EYFX4-Z9XP4-1/c.aspxhttps://r1.ddlnk.net/43OD-158SX-3EYFX4-Z9XP4-1/
Source: 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: manifest.json0.0.dr, 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.google.com;
Source: 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 9cce9705-21f0-4659-aae8-364c88214ec5.tmp.2.dr, 37bca011-3a77-47cb-9323-c3bfcabe8f52.tmp.2.dr String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://www.gstatic.com;
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\3a4f2600-b50c-45b8-b9a9-4294000c26b6.tmp Jump to behavior
Source: classification engine Classification label: clean0.win@66/296@5/8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://r1.ddlnk.net/43OD-158SX-3EYFX4-Z9XP4-1/c.aspx'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,1930883669927097210,5504769599394290222,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1312 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1548,1930883669927097210,5504769599394290222,131072 --lang=en-GB --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4900 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Downloads\80819_stopping-driving-leaflet-updated-2016.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Downloads\80819_stopping-driving-leaflet-updated-2016.pdf'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1548,1930883669927097210,5504769599394290222,131072 --lang=en-GB --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4832 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Downloads\80819_stopping-driving-leaflet-updated-2016 (1).pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Downloads\80819_stopping-driving-leaflet-updated-2016 (1).pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14181511299612281556 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14181511299612281556 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=12949104346968752108 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1113305957924523143 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1113305957924523143 --renderer-client-id=4 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=18032961120234443234 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18032961120234443234 --renderer-client-id=5 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6497978892086686249 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6497978892086686249 --renderer-client-id=6 --mojo-platform-channel-handle=1864 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9616312313971848960 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9616312313971848960 --renderer-client-id=7 --mojo-platform-channel-handle=1872 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,1930883669927097210,5504769599394290222,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1312 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1548,1930883669927097210,5504769599394290222,131072 --lang=en-GB --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4900 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Downloads\80819_stopping-driving-leaflet-updated-2016.pdf' Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1548,1930883669927097210,5504769599394290222,131072 --lang=en-GB --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4832 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Downloads\80819_stopping-driving-leaflet-updated-2016 (1).pdf' Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Downloads\80819_stopping-driving-leaflet-updated-2016.pdf' Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Downloads\80819_stopping-driving-leaflet-updated-2016 (1).pdf' Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14181511299612281556 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14181511299612281556 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=12949104346968752108 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1113305957924523143 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1113305957924523143 --renderer-client-id=4 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=18032961120234443234 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18032961120234443234 --renderer-client-id=5 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6497978892086686249 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6497978892086686249 --renderer-client-id=6 --mojo-platform-channel-handle=1864 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,8595971705311139824,14346601012522617524,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9616312313971848960 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9616312313971848960 --renderer-client-id=7 --mojo-platform-channel-handle=1872 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File read: C:\Program Files (x86)\desktop.ini Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6141DF30-18E0.pma Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe File opened: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\crash_reporter.cfg Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\6368_1291508250\LICENSE.txt Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: AcroRd32.exe, 00000007.00000002.1192187229.000000000CEBD000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlls<br

Anti Debugging:

barindex
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Code function: 7_2_00725050 LdrInitializeThunk, 7_2_00725050
Source: AcroRd32.exe, 00000007.00000000.719493296.0000000005610000.00000002.00020000.sdmp Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000007.00000000.719493296.0000000005610000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000007.00000000.719493296.0000000005610000.00000002.00020000.sdmp Binary or memory string: Progman
Source: AcroRd32.exe, 00000007.00000000.719493296.0000000005610000.00000002.00020000.sdmp Binary or memory string: Progmanlock