Reader does not launch
Copy link to clipboard
Copied
I double click the reader icon, or even the executable itself, and nothing happens:
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:20:43.4628506 PM","AcroRd32.exe","3984","Process Start","","SUCCESS","Parent PID: 5424"
"1:20:43.4628527 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 7844"
"1:20:43.4742898 PM","StartMenuExperienceHost.exe","4976","Thread Create","","SUCCESS","Thread ID: 6716"
"1:20:43.4814628 PM","StartMenuExperienceHost.exe","4976","Thread Create","","SUCCESS","Thread ID: 3276"
"1:20:43.4892070 PM","AcroRd32.exe","3984","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Image Base: 0x450000, Image Size: 0x308000"
"1:20:43.4895812 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x77870000, Image Size: 0x19e000"
"1:20:43.4930732 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\Desktop","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4933357 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x77790000, Image Size: 0x9a000"
"1:20:43.4936051 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\KernelBase.dll","SUCCESS","Image Base: 0x759d0000, Image Size: 0x212000"
"1:20:43.4944563 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\KernelBase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\KernelBase.dll"
"1:20:43.4945520 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\KernelBase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\KernelBase.dll"
"1:20:43.4953505 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\apphelp.dll","FAST IO DISALLOWED",""
"1:20:43.4954730 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\apphelp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4955111 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\apphelp.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 5/14/2021 10:49:25 AM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 5/14/2021 10:49:26 AM, ChangeTime: 8/12/2021 7:29:33 PM, FileAttributes: A"
"1:20:43.4955214 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.4955381 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.4956678 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\apphelp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4957267 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\apphelp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.4957372 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.4958297 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\apphelp.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.4958375 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.4960026 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\apphelp.dll","SUCCESS","Image Base: 0x73890000, Image Size: 0x9f000"
"1:20:43.4962025 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.4962199 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.4963135 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\apphelp.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\apphelp.dll"
"1:20:43.4965029 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\apphelp.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\apphelp.dll"
"1:20:43.4968312 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4968618 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","BUFFER OVERFLOW","Information: Owner"
"1:20:43.4968745 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Information: Owner"
"1:20:43.4968857 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.4969021 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.4970536 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\ntdll.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4970901 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ntdll.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.4971023 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ntdll.dll","SUCCESS","Information: Owner"
"1:20:43.4971133 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\ntdll.dll","SUCCESS",""
"1:20:43.4971285 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\ntdll.dll","SUCCESS",""
"1:20:43.4972714 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4973079 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\kernel32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.4973199 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\kernel32.dll","SUCCESS","Information: Owner"
"1:20:43.4973324 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\kernel32.dll","SUCCESS",""
"1:20:43.4973482 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\kernel32.dll","SUCCESS",""
"1:20:43.4975000 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\KernelBase.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4975266 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\KernelBase.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.4975438 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\KernelBase.dll","SUCCESS","Information: Owner"
"1:20:43.4975577 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\KernelBase.dll","SUCCESS",""
"1:20:43.4975745 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\KernelBase.dll","SUCCESS",""
"1:20:43.4977293 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4977876 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 3,873,792, EndOfFile: 3,873,652, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.4978015 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 3,873,792, EndOfFile: 3,873,652, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.4978124 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.4978219 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 3,873,792, EndOfFile: 3,873,652, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.4978297 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.4978378 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.4978446 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.4981098 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4982202 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.4983594 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4984087 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:29 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/31/2021 7:34:29 PM, ChangeTime: 8/1/2021 2:48:58 AM, FileAttributes: A"
"1:20:43.4984213 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.4984383 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.4984527 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:53 PM, FileAttributes: A"
"1:20:43.4984833 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.4984981 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.4986480 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4987479 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.4987647 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:53 PM, FileAttributes: A"
"1:20:43.4987906 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.4988381 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.4992293 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.4992475 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.4994564 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\AcGenral.dll","FAST IO DISALLOWED",""
"1:20:43.4995846 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\AcGenral.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4996222 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\AcGenral.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:34:45 PM, LastAccessTime: 8/13/2021 1:19:10 PM, LastWriteTime: 10/13/2020 5:34:45 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.4996326 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.4996483 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.4997873 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\AcGenral.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.4998430 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\AcGenral.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.4998569 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.5000188 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\AcGenral.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5000274 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.5002037 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\AcGenral.dll","SUCCESS","Image Base: 0x62ba0000, Image Size: 0x251000"
"1:20:43.5006497 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\msvcrt.dll","SUCCESS","Image Base: 0x761a0000, Image Size: 0xbf000"
"1:20:43.5008925 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\sechost.dll","SUCCESS","Image Base: 0x76120000, Image Size: 0x75000"
"1:20:43.5011357 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\rpcrt4.dll","SUCCESS","Image Base: 0x76590000, Image Size: 0xc6000"
"1:20:43.5014348 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\shlwapi.dll","SUCCESS","Image Base: 0x763d0000, Image Size: 0x45000"
"1:20:43.5017291 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x77190000, Image Size: 0x179000"
"1:20:43.5019753 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\win32u.dll","SUCCESS","Image Base: 0x75c90000, Image Size: 0x1d000"
"1:20:43.5023143 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\gdi32.dll","SUCCESS","Image Base: 0x76680000, Image Size: 0x22000"
"1:20:43.5025672 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\gdi32full.dll","SUCCESS","Image Base: 0x75cb0000, Image Size: 0xdb000"
"1:20:43.5027981 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\msvcp_win.dll","SUCCESS","Image Base: 0x75bf0000, Image Size: 0x7b000"
"1:20:43.5030148 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\ucrtbase.dll","SUCCESS","Image Base: 0x75de0000, Image Size: 0x120000"
"1:20:43.5034996 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\ole32.dll","SUCCESS","Image Base: 0x75f00000, Image Size: 0xe3000"
"1:20:43.5037627 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\combase.dll","SUCCESS","Image Base: 0x774a0000, Image Size: 0x281000"
"1:20:43.5040389 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\oleaut32.dll","SUCCESS","Image Base: 0x77400000, Image Size: 0x96000"
"1:20:43.5043094 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\shell32.dll","SUCCESS","Image Base: 0x76bd0000, Image Size: 0x5b3000"
"1:20:43.5048080 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\advapi32.dll","SUCCESS","Image Base: 0x75ff0000, Image Size: 0x7a000"
"1:20:43.5049460 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.5049645 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.5056075 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\uxtheme.dll","FAST IO DISALLOWED",""
"1:20:43.5057773 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\uxtheme.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5058149 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\uxtheme.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 6/24/2021 7:03:53 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 6/24/2021 7:03:54 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5058260 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.5058411 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.5059942 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\uxtheme.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5060506 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\uxtheme.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5060606 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.5062141 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\uxtheme.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5062219 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.5063756 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\uxtheme.dll","SUCCESS","Image Base: 0x73940000, Image Size: 0x7d000"
"1:20:43.5064826 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.5065068 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.5072382 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\winmm.dll","FAST IO DISALLOWED",""
"1:20:43.5073836 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\winmm.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5074204 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\winmm.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:31:56 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:31:56 PM, ChangeTime: 8/12/2021 7:30:26 PM, FileAttributes: A"
"1:20:43.5074310 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.5074461 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.5075853 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\winmm.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5076397 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmm.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5076497 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.5077447 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmm.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5077532 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.5080003 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\winmm.dll","SUCCESS","Image Base: 0x70b80000, Image Size: 0x28000"
"1:20:43.5080996 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.5081163 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.5082639 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\samcli.dll","FAST IO DISALLOWED",""
"1:20:43.5084136 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\samcli.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5084495 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\samcli.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:37 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:37 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5084597 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.5084746 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.5086299 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\samcli.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5086834 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\samcli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5086929 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.5087847 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\samcli.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5087925 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.5089979 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\samcli.dll","SUCCESS","Image Base: 0x6fcb0000, Image Size: 0x15000"
"1:20:43.5090837 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.5091006 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.5096944 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\msacm32.dll","FAST IO DISALLOWED",""
"1:20:43.5098390 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\msacm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5098763 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\msacm32.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/7/2019 1:06:30 AM, LastAccessTime: 8/13/2021 1:19:10 PM, LastWriteTime: 12/7/2019 1:06:30 AM, ChangeTime: 8/12/2021 7:30:26 PM, FileAttributes: A"
"1:20:43.5098864 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.5099016 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.5100375 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\msacm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5100913 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msacm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5101023 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.5102380 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msacm32.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5102466 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.5103969 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\msacm32.dll","SUCCESS","Image Base: 0x6d3b0000, Image Size: 0x19000"
"1:20:43.5104985 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.5105152 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.5106617 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\version.dll","FAST IO DISALLOWED",""
"1:20:43.5107849 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5108198 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\version.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:34:33 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:34:33 PM, ChangeTime: 8/12/2021 7:29:53 PM, FileAttributes: A"
"1:20:43.5108295 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.5108447 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.5109964 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5110527 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5110628 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.5112335 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\version.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5112422 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.5114805 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\version.dll","SUCCESS","Image Base: 0x6e0a0000, Image Size: 0x8000"
"1:20:43.5115613 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.5115784 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.5121897 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\userenv.dll","FAST IO DISALLOWED",""
"1:20:43.5123090 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\userenv.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5123465 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\userenv.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:38 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:38 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5123565 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.5123718 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.5125268 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\userenv.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5125809 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\userenv.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5125916 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.5126865 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\userenv.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5126945 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.5128391 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\userenv.dll","SUCCESS","Image Base: 0x756b0000, Image Size: 0x25000"
"1:20:43.5129434 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.5129598 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.5131286 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\dwmapi.dll","FAST IO DISALLOWED",""
"1:20:43.5132688 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\dwmapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5133103 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\dwmapi.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 1/13/2021 2:11:37 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 1/13/2021 2:11:37 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5133288 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.5133441 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.5136216 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\dwmapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5136798 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dwmapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5136904 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.5139182 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dwmapi.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5139267 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.5140717 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\dwmapi.dll","SUCCESS","Image Base: 0x73c90000, Image Size: 0x26000"
"1:20:43.5141797 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.5141966 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.5143740 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\urlmon.dll","FAST IO DISALLOWED",""
"1:20:43.5145074 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\urlmon.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5145439 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\urlmon.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:27 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 7/31/2021 7:34:28 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5145537 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.5145687 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.5147228 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\urlmon.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5147793 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\urlmon.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5147893 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.5148827 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\urlmon.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5148912 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.5152534 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\urlmon.dll","SUCCESS","Image Base: 0x6adb0000, Image Size: 0x1a8000"
"1:20:43.5154274 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.5154444 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.5159474 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\winspool.drv","FAST IO DISALLOWED",""
"1:20:43.5161014 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5161364 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\winspool.drv","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 6/12/2021 10:34:04 AM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 6/12/2021 10:34:04 AM, ChangeTime: 8/12/2021 7:30:26 PM, FileAttributes: A"
"1:20:43.5161519 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.5161671 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.5163103 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5163666 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winspool.drv","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5163763 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.5164803 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winspool.drv","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5164886 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.5166471 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\winspool.drv","SUCCESS","Image Base: 0x614b0000, Image Size: 0x6d000"
"1:20:43.5167528 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.5167697 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.5169163 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\mpr.dll","FAST IO DISALLOWED",""
"1:20:43.5178788 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\mpr.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5179132 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\mpr.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:54 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:54 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5179233 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.5179380 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.5180820 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\mpr.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5181392 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\mpr.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5181490 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.5182986 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\mpr.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5183075 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.5189779 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\mpr.dll","SUCCESS","Image Base: 0x60c90000, Image Size: 0x19000"
"1:20:43.5200406 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.5200575 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.5202031 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\sspicli.dll","FAST IO DISALLOWED",""
"1:20:43.5203643 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5204075 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\sspicli.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 5/14/2021 10:49:45 AM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 5/14/2021 10:49:45 AM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5204188 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.5204369 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.5205807 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5206372 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\sspicli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5206473 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.5207406 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\sspicli.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5207558 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.5209047 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\sspicli.dll","SUCCESS","Image Base: 0x75680000, Image Size: 0x25000"
"1:20:43.5209952 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.5210121 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.5214163 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\winmmbase.dll","FAST IO DISALLOWED",""
"1:20:43.5215507 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5215736 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\winmmbase.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/7/2019 1:06:30 AM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 12/7/2019 1:06:30 AM, ChangeTime: 8/12/2021 7:30:26 PM, FileAttributes: A"
"1:20:43.5215836 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.5215991 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.5217373 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\winmmbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5217809 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmmbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5217906 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.5218808 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmmbase.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5218889 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.5221059 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\winmmbase.dll","SUCCESS","Image Base: 0x70240000, Image Size: 0x1d000"
"1:20:43.5222064 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.5222228 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.5223993 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\winmmbase.dll","FAST IO DISALLOWED",""
"1:20:43.5225319 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5225522 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\winmmbase.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/7/2019 1:06:30 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 12/7/2019 1:06:30 AM, ChangeTime: 8/12/2021 7:30:26 PM, FileAttributes: A"
"1:20:43.5225615 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.5225756 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.5229279 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\iertutil.dll","FAST IO DISALLOWED",""
"1:20:43.5230601 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\iertutil.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5230980 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\iertutil.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 6/24/2021 7:03:53 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 6/24/2021 7:03:53 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5231086 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.5231242 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.5232717 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\iertutil.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5233294 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\iertutil.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5233392 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.5234320 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\iertutil.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5234402 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.5235924 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\iertutil.dll","SUCCESS","Image Base: 0x6cb20000, Image Size: 0x22b000"
"1:20:43.5239206 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\SHCore.dll","SUCCESS","Image Base: 0x76090000, Image Size: 0x87000"
"1:20:43.5240332 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.5240516 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.5242192 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\srvcli.dll","FAST IO DISALLOWED",""
"1:20:43.5243692 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\srvcli.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5244033 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\srvcli.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:38 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:38 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5244132 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.5244280 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.5245765 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\srvcli.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5246319 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\srvcli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5246419 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.5247405 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\srvcli.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5247483 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.5248801 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\srvcli.dll","SUCCESS","Image Base: 0x6ad90000, Image Size: 0x1d000"
"1:20:43.5249672 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.5249838 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.5251291 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\netutils.dll","FAST IO DISALLOWED",""
"1:20:43.5252569 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\netutils.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5253023 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\netutils.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:37 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:37 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5253123 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.5253293 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.5254770 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\netutils.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5255322 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netutils.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5255471 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.5256385 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netutils.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5256469 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.5258344 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\netutils.dll","SUCCESS","Image Base: 0x74e80000, Image Size: 0xb000"
"1:20:43.5259273 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.5259446 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.5286182 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\msvcrt.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5286554 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcrt.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5286689 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcrt.dll","SUCCESS","Information: Owner"
"1:20:43.5286803 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\msvcrt.dll","SUCCESS",""
"1:20:43.5286960 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\msvcrt.dll","SUCCESS",""
"1:20:43.5288835 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\rpcrt4.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5289201 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\rpcrt4.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5289374 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\rpcrt4.dll","SUCCESS","Information: Owner"
"1:20:43.5289489 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\rpcrt4.dll","SUCCESS",""
"1:20:43.5289642 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\rpcrt4.dll","SUCCESS",""
"1:20:43.5291469 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\sechost.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5291864 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\sechost.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5292051 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\sechost.dll","SUCCESS","Information: Owner"
"1:20:43.5292180 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\sechost.dll","SUCCESS",""
"1:20:43.5292333 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\sechost.dll","SUCCESS",""
"1:20:43.5295775 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\shlwapi.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5296154 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\shlwapi.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5296276 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\shlwapi.dll","SUCCESS","Information: Owner"
"1:20:43.5296390 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\shlwapi.dll","SUCCESS",""
"1:20:43.5296543 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\shlwapi.dll","SUCCESS",""
"1:20:43.5298399 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\ucrtbase.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5298784 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ucrtbase.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5298908 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ucrtbase.dll","SUCCESS","Information: Owner"
"1:20:43.5299019 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\ucrtbase.dll","SUCCESS",""
"1:20:43.5299175 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\ucrtbase.dll","SUCCESS",""
"1:20:43.5300834 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\combase.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5301186 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\combase.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5301307 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\combase.dll","SUCCESS","Information: Owner"
"1:20:43.5301419 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\combase.dll","SUCCESS",""
"1:20:43.5301567 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\combase.dll","SUCCESS",""
"1:20:43.5303472 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\win32u.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5303822 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\win32u.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5303942 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\win32u.dll","SUCCESS","Information: Owner"
"1:20:43.5304053 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\win32u.dll","SUCCESS",""
"1:20:43.5304203 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\win32u.dll","SUCCESS",""
"1:20:43.5305742 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\msvcp_win.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5305989 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcp_win.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5306107 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcp_win.dll","SUCCESS","Information: Owner"
"1:20:43.5306216 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp_win.dll","SUCCESS",""
"1:20:43.5306367 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\msvcp_win.dll","SUCCESS",""
"1:20:43.5308629 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\user32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5308980 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\user32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5309099 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\user32.dll","SUCCESS","Information: Owner"
"1:20:43.5309209 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\user32.dll","SUCCESS",""
"1:20:43.5309358 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\user32.dll","SUCCESS",""
"1:20:43.5312389 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\gdi32full.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5312652 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\gdi32full.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5312776 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\gdi32full.dll","SUCCESS","Information: Owner"
"1:20:43.5312892 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\gdi32full.dll","SUCCESS",""
"1:20:43.5313048 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\gdi32full.dll","SUCCESS",""
"1:20:43.5316086 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\gdi32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5316447 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\gdi32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5316570 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\gdi32.dll","SUCCESS","Information: Owner"
"1:20:43.5316688 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\gdi32.dll","SUCCESS",""
"1:20:43.5316845 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\gdi32.dll","SUCCESS",""
"1:20:43.5318421 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\uxtheme.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5318779 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\uxtheme.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5323228 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\uxtheme.dll","SUCCESS","Information: Owner"
"1:20:43.5323360 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.5323513 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.5325385 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\winmm.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5325759 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winmm.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5325977 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winmm.dll","SUCCESS","Information: Owner"
"1:20:43.5326092 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.5326241 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.5327968 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\samcli.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5328338 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\samcli.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5328459 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\samcli.dll","SUCCESS","Information: Owner"
"1:20:43.5328570 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.5328719 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.5330203 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\ole32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5330573 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ole32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5330690 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ole32.dll","SUCCESS","Information: Owner"
"1:20:43.5330801 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\ole32.dll","SUCCESS",""
"1:20:43.5330950 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\ole32.dll","SUCCESS",""
"1:20:43.5332828 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\oleaut32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5333188 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\oleaut32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5333317 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\oleaut32.dll","SUCCESS","Information: Owner"
"1:20:43.5333427 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\oleaut32.dll","SUCCESS",""
"1:20:43.5333578 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\oleaut32.dll","SUCCESS",""
"1:20:43.5335337 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\advapi32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5335721 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\advapi32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5335838 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\advapi32.dll","SUCCESS","Information: Owner"
"1:20:43.5335953 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\advapi32.dll","SUCCESS",""
"1:20:43.5336107 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\advapi32.dll","SUCCESS",""
"1:20:43.5338144 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\winmmbase.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5338399 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winmmbase.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5338518 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winmmbase.dll","SUCCESS","Information: Owner"
"1:20:43.5338631 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.5338790 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.5340495 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\msacm32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5340847 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msacm32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5340963 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msacm32.dll","SUCCESS","Information: Owner"
"1:20:43.5341077 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.5341230 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.5342867 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5343260 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\version.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5343418 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\version.dll","SUCCESS","Information: Owner"
"1:20:43.5343533 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.5343739 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.5345571 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\shell32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5345939 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\shell32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5346060 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\shell32.dll","SUCCESS","Information: Owner"
"1:20:43.5346172 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\shell32.dll","SUCCESS",""
"1:20:43.5346323 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\shell32.dll","SUCCESS",""
"1:20:43.5348593 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\userenv.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5348964 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\userenv.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5349084 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\userenv.dll","SUCCESS","Information: Owner"
"1:20:43.5349195 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.5349345 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.5350917 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\dwmapi.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5351272 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\dwmapi.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5351390 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\dwmapi.dll","SUCCESS","Information: Owner"
"1:20:43.5351497 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.5351643 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.5353148 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\SHCore.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5353510 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\SHCore.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5353623 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\SHCore.dll","SUCCESS","Information: Owner"
"1:20:43.5353731 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\SHCore.dll","SUCCESS",""
"1:20:43.5353877 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\SHCore.dll","SUCCESS",""
"1:20:43.5355505 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\iertutil.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5355892 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\iertutil.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5356008 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\iertutil.dll","SUCCESS","Information: Owner"
"1:20:43.5356122 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.5356272 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.5358090 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\srvcli.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5358444 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\srvcli.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5358558 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\srvcli.dll","SUCCESS","Information: Owner"
"1:20:43.5358667 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.5358840 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.5360643 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\netutils.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5361021 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\netutils.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5361157 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\netutils.dll","SUCCESS","Information: Owner"
"1:20:43.5361270 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.5361428 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.5363018 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\urlmon.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5363448 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\urlmon.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5363572 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\urlmon.dll","SUCCESS","Information: Owner"
"1:20:43.5363685 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.5363838 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.5365706 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5366079 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winspool.drv","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5366200 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winspool.drv","SUCCESS","Information: Owner"
"1:20:43.5366311 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.5366462 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.5368206 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\mpr.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5368566 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\mpr.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5368684 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\mpr.dll","SUCCESS","Information: Owner"
"1:20:43.5368786 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.5368935 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.5370553 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5370904 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\sspicli.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5371019 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\sspicli.dll","SUCCESS","Information: Owner"
"1:20:43.5371127 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.5371276 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.5375219 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\sechost.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\sechost.dll"
"1:20:43.5376247 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\sechost.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\sechost.dll"
"1:20:43.5387549 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\combase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\combase.dll"
"1:20:43.5388547 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\combase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\combase.dll"
"1:20:43.5389875 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\combase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\combase.dll"
"1:20:43.5390840 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\combase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\combase.dll"
"1:20:43.5395194 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\imm32.dll","FAST IO DISALLOWED",""
"1:20:43.5396692 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5397071 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\imm32.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:55 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:55 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5397175 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.5397332 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.5398686 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5399297 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.5399404 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\imm32.dll","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 147,968, EndOfFile: 147,704, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.5399490 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.5399572 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5399644 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.5400110 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.5400285 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.5402276 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\imm32.dll","SUCCESS","Image Base: 0x77840000, Image Size: 0x26000"
"1:20:43.5405649 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5406096 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\imm32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5406309 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\imm32.dll","SUCCESS","Information: Owner"
"1:20:43.5406423 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.5406573 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.5409253 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\user32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\user32.dll"
"1:20:43.5419636 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\edgegdi.dll","FAST IO DISALLOWED",""
"1:20:43.5420852 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\edgegdi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.5428863 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ole32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ole32.dll"
"1:20:43.5429509 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ole32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ole32.dll"
"1:20:43.5432999 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\advapi32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\advapi32.dll"
"1:20:43.5433733 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\advapi32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\advapi32.dll"
"1:20:43.5437238 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\shell32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\shell32.dll"
"1:20:43.5437940 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\shell32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\shell32.dll"
"1:20:43.5438529 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\shell32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\shell32.dll"
"1:20:43.5441076 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\iertutil.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\iertutil.dll"
"1:20:43.5443911 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\urlmon.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\urlmon.dll"
"1:20:43.5444937 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\winspool.drv","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\winspool.drv"
"1:20:43.5448385 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\mpr.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\mpr.dll"
"1:20:43.5449185 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\sspicli.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\sspicli.dll"
"1:20:43.5451610 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 6588"
"1:20:43.5455608 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CRYPTBASE.DLL","FAST IO DISALLOWED",""
"1:20:43.5456882 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CRYPTBASE.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.5458426 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\cryptbase.dll","FAST IO DISALLOWED",""
"1:20:43.5459591 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5459811 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\cryptbase.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:52 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:52 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5459909 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.5460063 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.5461380 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5461838 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\cryptbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5461932 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.5462852 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\cryptbase.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5462930 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.5464873 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\cryptbase.dll","SUCCESS","Image Base: 0x751b0000, Image Size: 0xa000"
"1:20:43.5465742 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.5465907 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.5467849 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5468098 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\cryptbase.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5468220 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\cryptbase.dll","SUCCESS","Information: Owner"
"1:20:43.5468336 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.5468486 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.5472357 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
"1:20:43.5474985 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 7704"
"1:20:43.5475082 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.3.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
"1:20:43.5477057 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.Local","FAST IO DISALLOWED",""
"1:20:43.5478284 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.5480063 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5481805 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","FAST IO DISALLOWED",""
"1:20:43.5483022 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5483294 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/16/2021 1:14:31 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 7/9/2021 8:47:26 AM, ChangeTime: 8/12/2021 7:29:54 PM, FileAttributes: A"
"1:20:43.5483395 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.5483549 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.5484851 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5485316 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5485420 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.5486436 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5486522 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.5488043 PM","AcroRd32.exe","3984","Load Image","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS","Image Base: 0x6ed50000, Image Size: 0x210000"
"1:20:43.5490508 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.5490688 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.5493832 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5494270 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WindowsShell.Manifest","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.5494372 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\WindowsShell.Manifest","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 1,024, EndOfFile: 670, NumberOfLinks: 3, DeletePending: False, Directory: False"
"1:20:43.5494478 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WindowsShell.Manifest","SUCCESS",""
"1:20:43.5494554 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5494626 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WindowsShell.Manifest","SUCCESS",""
"1:20:43.5495275 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\WindowsShell.Manifest","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 1,024, EndOfFile: 670, NumberOfLinks: 3, DeletePending: False, Directory: False"
"1:20:43.5498339 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\WindowsShell.Manifest","SUCCESS",""
"1:20:43.5498493 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\WindowsShell.Manifest","SUCCESS",""
"1:20:43.5503908 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","FAST IO DISALLOWED",""
"1:20:43.5505202 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5505467 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:53 PM, FileAttributes: A"
"1:20:43.5505569 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.5505724 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.5507234 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5507605 PM","AcroRd32.exe","3984","IRP_MJ_DIRECTORY_CONTROL","C:\Program Files\Adobe","SUCCESS","Type: QueryDirectory, Filter: Adobe, 2: Adobe"
"1:20:43.5507869 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files","SUCCESS",""
"1:20:43.5508008 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files","SUCCESS",""
"1:20:43.5509319 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5509668 PM","AcroRd32.exe","3984","IRP_MJ_DIRECTORY_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Type: QueryDirectory, Filter: Reader, 2: Reader"
"1:20:43.5509889 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.5510021 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.5511314 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5511682 PM","AcroRd32.exe","3984","IRP_MJ_DIRECTORY_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryDirectory, Filter: AcroRd32.exe, 2: AcroRd32.exe"
"1:20:43.5511906 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.5512037 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.5517660 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\ntmarta.dll","FAST IO DISALLOWED",""
"1:20:43.5518854 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\ntmarta.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5519226 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\ntmarta.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:38 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:38 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5519343 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.5519491 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.5520800 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\ntmarta.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5521337 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ntmarta.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5521432 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.5522322 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ntmarta.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5522400 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.5524063 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\ntmarta.dll","SUCCESS","Image Base: 0x74690000, Image Size: 0x29000"
"1:20:43.5525390 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.5525554 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.5527914 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\ntmarta.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5528314 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ntmarta.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5528442 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ntmarta.dll","SUCCESS","Information: Owner"
"1:20:43.5528551 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.5528699 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.5530640 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 6276"
"1:20:43.5534341 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5534792 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.5534888 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 3,371,520, EndOfFile: 3,371,404, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.5534972 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
"1:20:43.5535044 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5535114 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
"1:20:43.5535273 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
"1:20:43.5535424 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
"1:20:43.5540072 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\rpcss.dll","FAST IO DISALLOWED",""
"1:20:43.5541258 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\rpcss.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5541593 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\rpcss.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:19 PM, LastAccessTime: 8/13/2021 1:20:38 PM, LastWriteTime: 7/31/2021 7:34:19 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5541691 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.5541838 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.5543126 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\rpcss.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5543696 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\rpcss.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.5543794 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\rpcss.dll","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 1,105,408, EndOfFile: 1,105,408, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.5543877 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.5543948 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\rpcss.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5544016 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.5544326 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.5544482 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.5546677 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\kernel.appcore.dll","FAST IO DISALLOWED",""
"1:20:43.5547882 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5548098 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:07 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:07 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5548193 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.5548338 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.5549657 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5550076 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\kernel.appcore.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5550168 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.5551067 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\kernel.appcore.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5551145 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.5552667 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Image Base: 0x73c20000, Image Size: 0xf000"
"1:20:43.5553704 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.5553989 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.5557950 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5558190 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\kernel.appcore.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5558306 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Information: Owner"
"1:20:43.5558412 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.5558557 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.5561001 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Image Base: 0x75930000, Image Size: 0x5f000"
"1:20:43.5563489 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5563738 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\bcryptprimitives.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5563858 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Information: Owner"
"1:20:43.5563972 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\bcryptprimitives.dll","SUCCESS",""
"1:20:43.5564121 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\bcryptprimitives.dll","SUCCESS",""
"1:20:43.5566109 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\bcryptprimitives.dll"
"1:20:43.5577998 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 976"
"1:20:43.5579945 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Test_Tools\Automation.api","FAST IO DISALLOWED",""
"1:20:43.5580160 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5580576 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.5580700 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Test_Tools\Automation.api","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.5580718 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.5581603 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\Desktop","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5582081 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32","SUCCESS",""
"1:20:43.5582274 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32","SUCCESS",""
"1:20:43.5583386 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Test_Tools\aaFEAT.api","FAST IO DISALLOWED",""
"1:20:43.5583974 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\profext.dll","FAST IO DISALLOWED",""
"1:20:43.5584132 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Test_Tools\aaFEAT.api","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.5585176 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\profext.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5585542 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\profext.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 8/12/2021 7:28:36 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 8/12/2021 7:28:36 PM, ChangeTime: 8/13/2021 2:49:36 AM, FileAttributes: A"
"1:20:43.5585673 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\profext.dll","SUCCESS",""
"1:20:43.5585834 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\profext.dll","SUCCESS",""
"1:20:43.5587224 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\profext.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5587800 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profext.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5587941 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profext.dll","SUCCESS",""
"1:20:43.5588898 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profext.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5588981 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profext.dll","SUCCESS",""
"1:20:43.5590871 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\profext.dll","SUCCESS","Image Base: 0x746c0000, Image Size: 0x21000"
"1:20:43.5592357 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\profext.dll","SUCCESS",""
"1:20:43.5592554 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\profext.dll","SUCCESS",""
"1:20:43.5594521 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\profapi.dll","FAST IO DISALLOWED",""
"1:20:43.5595729 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5596086 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\profapi.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 2/25/2021 10:57:39 AM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 2/25/2021 10:57:39 AM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5596189 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.5596343 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.5598008 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5598553 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5598677 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.5599601 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profapi.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5599680 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.5601193 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\profapi.dll","SUCCESS","Image Base: 0x756f0000, Image Size: 0x18000"
"1:20:43.5602144 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.5602309 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.5605247 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5605607 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\profapi.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5605775 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\profapi.dll","SUCCESS","Information: Owner"
"1:20:43.5605886 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.5606034 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.5607725 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\profext.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5608075 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\profext.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5608203 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\profext.dll","SUCCESS","Information: Owner"
"1:20:43.5608307 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\profext.dll","SUCCESS",""
"1:20:43.5608455 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\profext.dll","SUCCESS",""
"1:20:43.5611896 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\bcrypt.dll","SUCCESS","Image Base: 0x75c70000, Image Size: 0x1b000"
"1:20:43.5614524 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\bcrypt.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5614879 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\bcrypt.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5615008 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\bcrypt.dll","SUCCESS","Information: Owner"
"1:20:43.5615114 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\bcrypt.dll","SUCCESS",""
"1:20:43.5615263 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\bcrypt.dll","SUCCESS",""
"1:20:43.5616855 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\bcrypt.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\bcrypt.dll"
"1:20:43.5620974 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5621347 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode","SUCCESS",""
"1:20:43.5621460 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode","SUCCESS",""
"1:20:43.5622451 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5622913 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC","SUCCESS",""
"1:20:43.5623024 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC","SUCCESS",""
"1:20:43.5623803 PM","AcroRd32.exe","3984","IRP_MJ_READ","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC","SUCCESS","Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"1:20:43.5685812 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCache","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5686895 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCache","SUCCESS",""
"1:20:43.5687043 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCache","SUCCESS",""
"1:20:43.5688230 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetHistory","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5688598 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetHistory","SUCCESS",""
"1:20:43.5688710 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetHistory","SUCCESS",""
"1:20:43.5690147 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCookies","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5690512 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCookies","SUCCESS",""
"1:20:43.5690631 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCookies","SUCCESS",""
"1:20:43.5691909 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\Temp","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5692407 PM","AcroRd32.exe","3984","IRP_MJ_READ","F:\$Mft","SUCCESS","Offset: 871,673,856, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"1:20:43.5697622 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp","SUCCESS","Desired Access: Read Data/List Directory, Read EA, Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5698725 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/18/2020 1:02:27 PM, LastAccessTime: 8/13/2021 1:19:11 PM, LastWriteTime: 8/13/2021 1:17:12 PM, ChangeTime: 8/13/2021 1:17:12 PM, FileAttributes: D"
"1:20:43.5698852 PM","AcroRd32.exe","3984","<Unknown>","F:\Users\Dancer\AppData\Local\Temp","SUCCESS","Type: <Unknown : 71 >"
"1:20:43.5699109 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp","SUCCESS","Type: QueryEaInformationFile, EaSize: 0"
"1:20:43.5699831 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","NAME COLLISION","Desired Access: Read Data/List Directory, Read Attributes, Write Attributes, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: D, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.5700072 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp","SUCCESS",""
"1:20:43.5700183 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp","SUCCESS",""
"1:20:43.5700871 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5703727 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5704713 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.5704923 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.5705612 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.5706011 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.5706128 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.5760362 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 2904"
"1:20:43.5771993 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\KBDUS.DLL","FAST IO DISALLOWED",""
"1:20:43.5773479 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\KBDUS.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.5775503 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\KBDUS.DLL","FAST IO DISALLOWED",""
"1:20:43.5776796 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\KBDUS.DLL","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5777340 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\KBDUS.DLL","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:41 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:41 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5777478 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\KBDUS.DLL","SUCCESS",""
"1:20:43.5777692 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\KBDUS.DLL","SUCCESS",""
"1:20:43.5779152 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\KBDUS.DLL","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5779948 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\KBDUS.DLL","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5780081 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\KBDUS.DLL","SUCCESS",""
"1:20:43.5781414 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\KBDUS.DLL","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5781495 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\KBDUS.DLL","SUCCESS",""
"1:20:43.5784964 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\KBDUS.DLL","SUCCESS","Image Base: 0x5dce0000, Image Size: 0x6000"
"1:20:43.5786187 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\KBDUS.DLL","SUCCESS",""
"1:20:43.5786415 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\KBDUS.DLL","SUCCESS",""
"1:20:43.5788281 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\KBDUS.DLL","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5788656 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\KBDUS.DLL","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5788788 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\KBDUS.DLL","SUCCESS","Information: Owner"
"1:20:43.5788908 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\KBDUS.DLL","SUCCESS",""
"1:20:43.5789059 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\KBDUS.DLL","SUCCESS",""
"1:20:43.5791567 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\KBDUS.DLL","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5793484 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\KBDUS.DLL","SUCCESS",""
"1:20:43.5793648 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\KBDUS.DLL","SUCCESS",""
"1:20:43.5803965 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 3852"
"1:20:43.5809177 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\Temp","SUCCESS",""
"1:20:43.5809354 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\Temp","SUCCESS",""
"1:20:43.5814383 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\FirewallAPI.dll","FAST IO DISALLOWED",""
"1:20:43.5815621 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\FirewallAPI.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5815873 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\FirewallAPI.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 5/14/2021 10:48:57 AM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 5/14/2021 10:48:57 AM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5815988 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\FirewallAPI.dll","SUCCESS",""
"1:20:43.5816149 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\FirewallAPI.dll","SUCCESS",""
"1:20:43.5818665 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\FirewallAPI.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5819312 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\FirewallAPI.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5819458 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\FirewallAPI.dll","SUCCESS",""
"1:20:43.5820666 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\FirewallAPI.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5820755 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\FirewallAPI.dll","SUCCESS",""
"1:20:43.5823595 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\FirewallAPI.dll","SUCCESS","Image Base: 0x74540000, Image Size: 0x6d000"
"1:20:43.5825169 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\FirewallAPI.dll","SUCCESS",""
"1:20:43.5825347 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\FirewallAPI.dll","SUCCESS",""
"1:20:43.5827108 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\dnsapi.dll","FAST IO DISALLOWED",""
"1:20:43.5828457 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\dnsapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5828886 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\dnsapi.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:19 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 7/31/2021 7:34:19 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5829008 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\dnsapi.dll","SUCCESS",""
"1:20:43.5829174 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\dnsapi.dll","SUCCESS",""
"1:20:43.5830543 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\dnsapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5831104 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dnsapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5831206 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dnsapi.dll","SUCCESS",""
"1:20:43.5832170 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dnsapi.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5832254 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dnsapi.dll","SUCCESS",""
"1:20:43.5834187 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\dnsapi.dll","SUCCESS","Image Base: 0x74de0000, Image Size: 0x91000"
"1:20:43.5835296 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\dnsapi.dll","SUCCESS",""
"1:20:43.5835467 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\dnsapi.dll","SUCCESS",""
"1:20:43.5840624 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\dnsapi.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5840996 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\dnsapi.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5841131 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\dnsapi.dll","SUCCESS","Information: Owner"
"1:20:43.5841240 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\dnsapi.dll","SUCCESS",""
"1:20:43.5841389 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\dnsapi.dll","SUCCESS",""
"1:20:43.5843144 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\FirewallAPI.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5843512 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\FirewallAPI.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5843659 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\FirewallAPI.dll","SUCCESS","Information: Owner"
"1:20:43.5843772 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\FirewallAPI.dll","SUCCESS",""
"1:20:43.5843973 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\FirewallAPI.dll","SUCCESS",""
"1:20:43.5846166 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\dnsapi.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\dnsapi.dll"
"1:20:43.5846905 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\dnsapi.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\dnsapi.dll"
"1:20:43.5848658 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\IPHLPAPI.DLL","FAST IO DISALLOWED",""
"1:20:43.5849913 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5850278 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:35 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:35 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5850382 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS",""
"1:20:43.5850538 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS",""
"1:20:43.5851863 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5852453 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\IPHLPAPI.DLL","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5852555 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS",""
"1:20:43.5853509 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5853590 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS",""
"1:20:43.5855183 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","Image Base: 0x74da0000, Image Size: 0x32000"
"1:20:43.5856255 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS",""
"1:20:43.5856429 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS",""
"1:20:43.5858475 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5858838 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\IPHLPAPI.DLL","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5858961 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","Information: Owner"
"1:20:43.5859067 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS",""
"1:20:43.5859220 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS",""
"1:20:43.5861644 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\nsi.dll","SUCCESS","Image Base: 0x76660000, Image Size: 0x7000"
"1:20:43.5863764 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\nsi.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5864125 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\nsi.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5864247 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\nsi.dll","SUCCESS","Information: Owner"
"1:20:43.5864354 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\nsi.dll","SUCCESS",""
"1:20:43.5864508 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\nsi.dll","SUCCESS",""
"1:20:43.5867589 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\FirewallAPI.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\FirewallAPI.dll"
"1:20:43.5868227 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\FirewallAPI.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\FirewallAPI.dll"
"1:20:43.5869847 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\fwbase.dll","FAST IO DISALLOWED",""
"1:20:43.5871168 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\fwbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5871539 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\fwbase.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 5/14/2021 10:48:57 AM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 5/14/2021 10:48:57 AM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5871642 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\fwbase.dll","SUCCESS",""
"1:20:43.5871794 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\fwbase.dll","SUCCESS",""
"1:20:43.5873130 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\fwbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5873685 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\fwbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5873817 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\fwbase.dll","SUCCESS",""
"1:20:43.5874764 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\fwbase.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5874849 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\fwbase.dll","SUCCESS",""
"1:20:43.5876355 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\fwbase.dll","SUCCESS","Image Base: 0x74510000, Image Size: 0x25000"
"1:20:43.5877366 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\fwbase.dll","SUCCESS",""
"1:20:43.5877589 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\fwbase.dll","SUCCESS",""
"1:20:43.5879905 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\fwbase.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5880284 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\fwbase.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5880410 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\fwbase.dll","SUCCESS","Information: Owner"
"1:20:43.5880523 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\fwbase.dll","SUCCESS",""
"1:20:43.5880676 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\fwbase.dll","SUCCESS",""
"1:20:43.5899475 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5899876 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.5900020 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.5900844 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\Desktop","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5901201 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32","SUCCESS",""
"1:20:43.5901343 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32","SUCCESS",""
"1:20:43.5903088 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\windows.storage.dll","FAST IO DISALLOWED",""
"1:20:43.5904304 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5904526 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:04 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 7/31/2021 7:34:05 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5904626 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.5904774 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.5906125 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5906549 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\windows.storage.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5906698 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.5907626 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\windows.storage.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5907706 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.5909546 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\windows.storage.dll","SUCCESS","Image Base: 0x73ed0000, Image Size: 0x608000"
"1:20:43.5911110 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.5911280 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.5912725 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\wldp.dll","FAST IO DISALLOWED",""
"1:20:43.5913960 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5914303 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\wldp.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/1/2020 12:01:35 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 12/1/2020 12:01:35 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.5914405 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.5914558 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.5915878 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5916416 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wldp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.5916540 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.5917463 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wldp.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.5917543 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.5919060 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\wldp.dll","SUCCESS","Image Base: 0x75250000, Image Size: 0x24000"
"1:20:43.5920045 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.5920216 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.5924518 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5924876 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\wldp.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5925001 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\wldp.dll","SUCCESS","Information: Owner"
"1:20:43.5925108 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.5925280 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.5926989 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5927226 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\windows.storage.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.5927339 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\windows.storage.dll","SUCCESS","Information: Owner"
"1:20:43.5927445 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.5927591 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.5929633 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\wldp.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\wldp.dll"
"1:20:43.5934511 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\windows.storage.dll"
"1:20:43.5935401 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\windows.storage.dll"
"1:20:43.5936036 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\windows.storage.dll"
"1:20:43.5936649 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\windows.storage.dll"
"1:20:43.5955545 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.5956326 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer","SUCCESS","CreationTime: 7/18/2020 1:02:26 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 5/14/2021 1:50:55 PM, ChangeTime: 5/14/2021 1:50:55 PM, AllocationSize: 16,384, EndOfFile: 16,384, FileAttributes: D"
"1:20:43.5960530 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.5961251 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\LocalLow","SUCCESS","CreationTime: 5/29/2015 6:50:10 PM, LastAccessTime: 8/13/2021 1:18:21 PM, LastWriteTime: 11/7/2020 11:50:19 AM, ChangeTime: 11/7/2020 11:50:19 AM, AllocationSize: 4,096, EndOfFile: 4,096, FileAttributes: DNCI"
"1:20:43.5963080 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow\Adobe\Acrobat\DC","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.5964017 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow\Adobe\Acrobat\DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5964987 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Adobe\Acrobat\DC","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\LocalLow\Adobe\Acrobat\DC"
"1:20:43.5965179 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Adobe\Acrobat\DC","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\LocalLow\Adobe\Acrobat\DC"
"1:20:43.5965827 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Adobe\Acrobat\DC","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.5966162 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\LocalLow\Adobe\Acrobat\DC","SUCCESS",""
"1:20:43.5966278 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\LocalLow\Adobe\Acrobat\DC","SUCCESS",""
"1:20:43.5969836 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.5970525 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer","SUCCESS","CreationTime: 7/18/2020 1:02:26 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 5/14/2021 1:50:55 PM, ChangeTime: 5/14/2021 1:50:55 PM, AllocationSize: 16,384, EndOfFile: 16,384, FileAttributes: D"
"1:20:43.5971248 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.5971925 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\LocalLow","SUCCESS","CreationTime: 5/29/2015 6:50:10 PM, LastAccessTime: 8/13/2021 1:18:21 PM, LastWriteTime: 11/7/2020 11:50:19 AM, ChangeTime: 11/7/2020 11:50:19 AM, AllocationSize: 4,096, EndOfFile: 4,096, FileAttributes: DNCI"
"1:20:43.5972895 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow\Adobe\Linguistics","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.5973692 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow\Adobe\Linguistics","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5974085 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Adobe\Linguistics","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\LocalLow\Adobe\Linguistics"
"1:20:43.5974285 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Adobe\Linguistics","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\LocalLow\Adobe\Linguistics"
"1:20:43.5974792 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Adobe\Linguistics","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.5975119 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\LocalLow\Adobe\Linguistics","SUCCESS",""
"1:20:43.5975241 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\LocalLow\Adobe\Linguistics","SUCCESS",""
"1:20:43.5977933 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.5978651 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer","SUCCESS","CreationTime: 7/18/2020 1:02:26 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 5/14/2021 1:50:55 PM, ChangeTime: 5/14/2021 1:50:55 PM, AllocationSize: 16,384, EndOfFile: 16,384, FileAttributes: D"
"1:20:43.5979374 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.5980042 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\LocalLow","SUCCESS","CreationTime: 5/29/2015 6:50:10 PM, LastAccessTime: 8/13/2021 1:18:21 PM, LastWriteTime: 11/7/2020 11:50:19 AM, ChangeTime: 11/7/2020 11:50:19 AM, AllocationSize: 4,096, EndOfFile: 4,096, FileAttributes: DNCI"
"1:20:43.5981105 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow\Microsoft\IMJP","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.5981941 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow\Microsoft","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5982357 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\LocalLow\Microsoft"
"1:20:43.5982520 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\LocalLow\Microsoft"
"1:20:43.5983036 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Microsoft","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.5983508 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\LocalLow\Microsoft","SUCCESS",""
"1:20:43.5983624 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\LocalLow\Microsoft","SUCCESS",""
"1:20:43.5986112 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.5986781 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer","SUCCESS","CreationTime: 7/18/2020 1:02:26 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 5/14/2021 1:50:55 PM, ChangeTime: 5/14/2021 1:50:55 PM, AllocationSize: 16,384, EndOfFile: 16,384, FileAttributes: D"
"1:20:43.5987478 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.5988125 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\LocalLow","SUCCESS","CreationTime: 5/29/2015 6:50:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 11/7/2020 11:50:19 AM, ChangeTime: 11/7/2020 11:50:19 AM, AllocationSize: 4,096, EndOfFile: 4,096, FileAttributes: DNCI"
"1:20:43.5989802 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow\Microsoft\IME","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.5990314 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Microsoft\IME","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\LocalLow\Microsoft\IME"
"1:20:43.5990697 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Microsoft\IME","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\LocalLow\Microsoft\IME"
"1:20:43.5991204 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\LocalLow\Microsoft\IME","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.5991866 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\LocalLow\Microsoft\IME","SUCCESS",""
"1:20:43.5991982 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\LocalLow\Microsoft\IME","SUCCESS",""
"1:20:43.5996000 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\MSRMS.api","FAST IO DISALLOWED",""
"1:20:43.5997278 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\MSRMS.api","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6002940 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Roaming","SUCCESS","CreationTime: 7/18/2020 1:02:27 PM, LastAccessTime: 8/13/2021 1:20:34 PM, LastWriteTime: 7/18/2020 1:05:25 PM, ChangeTime: 7/18/2020 1:05:25 PM, AllocationSize: 12,288, EndOfFile: 12,288, FileAttributes: D"
"1:20:43.6003776 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.6004545 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6005068 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC"
"1:20:43.6005217 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC"
"1:20:43.6005719 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6006033 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS",""
"1:20:43.6006153 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS",""
"1:20:43.6013880 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Local","SUCCESS","CreationTime: 7/18/2020 1:02:27 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 6/7/2021 4:17:18 PM, ChangeTime: 6/7/2021 4:17:18 PM, AllocationSize: 24,576, EndOfFile: 24,576, FileAttributes: D"
"1:20:43.6014781 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Adobe\Acrobat\DC","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.6015513 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Adobe\Acrobat\DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6016007 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Adobe\Acrobat\DC","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Adobe\Acrobat\DC"
"1:20:43.6016157 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Adobe\Acrobat\DC","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Adobe\Acrobat\DC"
"1:20:43.6016689 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Adobe\Acrobat\DC","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6017005 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Adobe\Acrobat\DC","SUCCESS",""
"1:20:43.6017122 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Adobe\Acrobat\DC","SUCCESS",""
"1:20:43.6020304 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Adobe\Color","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.6021098 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Adobe\Color","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6021617 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Adobe\Color","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Adobe\Color"
"1:20:43.6021768 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Adobe\Color","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Adobe\Color"
"1:20:43.6022289 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Adobe\Color","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6059039 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Adobe\Color","SUCCESS",""
"1:20:43.6059163 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Adobe\Color","SUCCESS",""
"1:20:43.6071505 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Linguistics","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.6072267 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Linguistics","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6072648 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Linguistics","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Linguistics"
"1:20:43.6072811 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Linguistics","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Linguistics"
"1:20:43.6074407 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Linguistics","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6074757 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Linguistics","SUCCESS",""
"1:20:43.6074873 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Linguistics","SUCCESS",""
"1:20:43.6077541 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\LogTransport2","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.6078282 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\LogTransport2","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6078651 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\LogTransport2","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\LogTransport2"
"1:20:43.6078796 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\LogTransport2","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\LogTransport2"
"1:20:43.6079283 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\LogTransport2","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6079614 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\LogTransport2","SUCCESS",""
"1:20:43.6079727 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\LogTransport2","SUCCESS",""
"1:20:43.6082279 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Headlights","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.6083025 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Headlights","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6084801 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Headlights","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Headlights"
"1:20:43.6085226 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Headlights","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Headlights"
"1:20:43.6085725 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Headlights","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6086034 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Headlights","SUCCESS",""
"1:20:43.6086147 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Headlights","SUCCESS",""
"1:20:43.6090545 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6090964 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.6091089 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.6091857 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\Desktop","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6092208 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32","SUCCESS",""
"1:20:43.6092352 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32","SUCCESS",""
"1:20:43.6114087 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6114705 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.6114910 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.6115928 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\Desktop","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6116301 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32","SUCCESS",""
"1:20:43.6116453 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32","SUCCESS",""
"1:20:43.6120562 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.6121432 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6121942 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC"
"1:20:43.6122184 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC"
"1:20:43.6122887 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6123292 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC","SUCCESS",""
"1:20:43.6123411 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC","SUCCESS",""
"1:20:43.6182169 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\My Documents","SUCCESS","CreationTime: 5/30/2015 7:43:29 PM, LastAccessTime: 8/13/2021 1:18:21 PM, LastWriteTime: 3/26/2021 2:45:08 PM, ChangeTime: 3/26/2021 2:45:08 PM, AllocationSize: 65,536, EndOfFile: 65,536, FileAttributes: RD"
"1:20:43.6183132 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\My Documents\ArcotIDs","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6184068 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\My Documents","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6184494 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\My Documents","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\My Documents"
"1:20:43.6184670 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\My Documents","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\My Documents"
"1:20:43.6185421 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\My Documents","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6185708 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\My Documents","SUCCESS",""
"1:20:43.6185825 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\My Documents","SUCCESS",""
"1:20:43.6188463 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Local\Lotus\Notes\Data","PATH NOT FOUND",""
"1:20:43.6189360 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Roaming\Justsystem","NAME NOT FOUND",""
"1:20:43.6189917 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Roaming\Intuit\Quicken\Log","PATH NOT FOUND",""
"1:20:43.6190655 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Roaming\Enfocus Prefs Folder","NAME NOT FOUND",""
"1:20:43.6191538 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Microsoft\Speech","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.6192991 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Microsoft\Speech","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6193504 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Speech","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft\Speech"
"1:20:43.6193647 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Speech","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft\Speech"
"1:20:43.6194138 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Speech","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6194426 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Microsoft\Speech","SUCCESS",""
"1:20:43.6194540 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Microsoft\Speech","SUCCESS",""
"1:20:43.6197573 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.6198347 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6198739 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex"
"1:20:43.6198882 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex"
"1:20:43.6199384 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6199745 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex","SUCCESS",""
"1:20:43.6199860 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex","SUCCESS",""
"1:20:43.6225249 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\uxtheme.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\uxtheme.dll"
"1:20:43.6229927 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 7860"
"1:20:43.6230467 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 1248"
"1:20:43.6231852 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 5600"
"1:20:43.6232396 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 7308"
"1:20:43.6232775 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 3780"
"1:20:43.6236053 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 6204"
"1:20:43.6236996 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 3852, User Time: 0.0000000, Kernel Time: 0.0156250"
"1:20:43.6265445 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files","FAST IO DISALLOWED",""
"1:20:43.6266755 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6267086 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/7/2019 1:12:07 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 8/11/2021 3:25:54 PM, ChangeTime: 8/11/2021 3:25:54 PM, FileAttributes: RD"
"1:20:43.6267218 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files","SUCCESS",""
"1:20:43.6267385 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files","SUCCESS",""
"1:20:43.6269166 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6269718 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files"
"1:20:43.6269918 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files"
"1:20:43.6270741 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","C:\Program Files","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6271384 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files","SUCCESS",""
"1:20:43.6271527 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files","SUCCESS",""
"1:20:43.6275236 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6275612 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files"
"1:20:43.6275770 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files"
"1:20:43.6276257 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","C:\Program Files","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6276599 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files","SUCCESS",""
"1:20:43.6276740 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files","SUCCESS",""
"1:20:43.6282855 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows","FAST IO DISALLOWED",""
"1:20:43.6285189 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6285469 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows","FAST IO DISALLOWED","Type: QueryBasicInformationFile"
"1:20:43.6285569 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/7/2019 1:03:30 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 8/13/2021 2:49:11 AM, ChangeTime: 8/13/2021 2:49:11 AM, FileAttributes: D"
"1:20:43.6285694 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows","SUCCESS",""
"1:20:43.6285836 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows","SUCCESS",""
"1:20:43.6287308 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6287734 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows","SUCCESS","Type: QueryNameInformationFile, Name: \Windows"
"1:20:43.6287906 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows","SUCCESS","Type: QueryNameInformationFile, Name: \Windows"
"1:20:43.6288493 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","C:\Windows","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6288803 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows","SUCCESS",""
"1:20:43.6288950 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows","SUCCESS",""
"1:20:43.6315382 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6315897 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows","SUCCESS","Type: QueryNameInformationFile, Name: \Windows"
"1:20:43.6316121 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows","SUCCESS","Type: QueryNameInformationFile, Name: \Windows"
"1:20:43.6317844 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","C:\Windows","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6318160 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows","SUCCESS",""
"1:20:43.6318319 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows","SUCCESS",""
"1:20:43.6322119 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6322563 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC"
"1:20:43.6322732 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC"
"1:20:43.6323302 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6323619 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6323754 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6326851 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6327252 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC"
"1:20:43.6327415 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC"
"1:20:43.6328041 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6328327 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6328462 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6331557 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6332820 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC"
"1:20:43.6333007 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC"
"1:20:43.6333870 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6334176 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6334315 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6337157 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6337554 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC"
"1:20:43.6337717 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC"
"1:20:43.6338197 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6338484 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6338619 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6341036 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\Privileged\DC","PATH NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6341854 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\Privileged","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6342569 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6342926 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6343072 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6343654 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6343976 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6344091 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6346880 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\Privileged\DC","PATH NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6347611 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\Privileged","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6348299 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6348658 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6348799 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6349305 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6349614 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6349728 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6352867 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6353472 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa"
"1:20:43.6353625 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa"
"1:20:43.6354099 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6354413 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS",""
"1:20:43.6354529 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS",""
"1:20:43.6356932 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6357296 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa"
"1:20:43.6357441 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa"
"1:20:43.6357949 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6358433 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS",""
"1:20:43.6358546 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Microsoft\Crypto\rsa","SUCCESS",""
"1:20:43.6361687 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Arcot\Ids","PATH NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6362467 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Arcot","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6363292 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6363661 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming"
"1:20:43.6363801 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming"
"1:20:43.6364255 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6364544 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming","SUCCESS",""
"1:20:43.6364660 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming","SUCCESS",""
"1:20:43.6366875 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Arcot\Ids","PATH NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6367608 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Arcot","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6368296 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6368653 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming"
"1:20:43.6368804 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming"
"1:20:43.6369273 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6369562 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming","SUCCESS",""
"1:20:43.6369675 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming","SUCCESS",""
"1:20:43.6390180 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\profext.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\profext.dll"
"1:20:43.6392933 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6393544 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.6393677 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.6394481 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\Desktop","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6394842 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32","SUCCESS",""
"1:20:43.6395139 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32","SUCCESS",""
"1:20:43.6396412 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 976, User Time: 0.0000000, Kernel Time: 0.0156250"
"1:20:43.6403913 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Microsoft\Outlook","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6404723 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6405110 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft"
"1:20:43.6405304 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft"
"1:20:43.6405907 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6406213 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS",""
"1:20:43.6406329 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS",""
"1:20:43.6408756 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Microsoft\Outlook","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6409486 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6409832 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft"
"1:20:43.6409968 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft"
"1:20:43.6477228 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6477922 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.6478034 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.6479037 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.6479120 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.6482188 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6482779 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS",""
"1:20:43.6482913 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS",""
"1:20:43.6485760 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Microsoft\Outlook","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6514456 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6514885 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft"
"1:20:43.6515045 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft"
"1:20:43.6515596 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6515930 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS",""
"1:20:43.6516071 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS",""
"1:20:43.6518418 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Microsoft\Outlook","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6519148 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6519512 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft"
"1:20:43.6519651 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft"
"1:20:43.6520107 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6520408 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS",""
"1:20:43.6520522 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS",""
"1:20:43.6537369 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS","CreationTime: 7/18/2020 1:02:27 PM, LastAccessTime: 2/11/2021 3:04:10 PM, LastWriteTime: 7/18/2020 1:23:53 PM, ChangeTime: 7/18/2020 1:24:09 PM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HSDNCI"
"1:20:43.6538145 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6538571 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft\Windows\INetCache"
"1:20:43.6539030 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft\Windows\INetCache"
"1:20:43.6539576 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6539946 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS",""
"1:20:43.6540063 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS",""
"1:20:43.6542723 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6543090 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft\Windows\INetCache"
"1:20:43.6543305 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft\Windows\INetCache"
"1:20:43.6543785 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6544085 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS",""
"1:20:43.6544201 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Microsoft\Windows\INetCache","SUCCESS",""
"1:20:43.6546808 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\8.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6547565 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6547914 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6548048 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6548527 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6548824 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6548935 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6551250 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\8.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6551953 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6552709 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6552860 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6553444 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6553737 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6553851 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6555682 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\9.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6556380 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6557113 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6557281 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6557794 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6558311 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6558425 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6560272 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\9.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6560978 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6561782 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6561912 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6562373 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6562667 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6562780 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6564752 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\10.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6565441 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6566229 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6566359 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6566811 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6567111 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6567224 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6568990 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\10.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6569676 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6570469 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6570604 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6571063 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6571355 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6571472 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6573460 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\11.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6574161 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6575028 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6575160 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6575616 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6575922 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6576054 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6577875 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\11.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6578557 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6579459 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6579590 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6580049 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6580340 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6580452 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6582356 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\12.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6583045 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6584382 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6584514 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6584968 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6585279 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6585389 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6587215 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\12.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6587904 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6588651 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6588790 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6589400 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6589692 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6589803 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6591624 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\13.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6592319 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6593091 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6593319 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6593777 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6594067 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6594178 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6601371 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\13.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6602135 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6603058 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6603223 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6603876 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6604207 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6604327 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6606357 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\14.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6607054 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6607793 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6607929 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6608396 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6608682 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6608791 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6610537 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\14.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6619590 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6620444 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6620606 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6621168 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6621784 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6621898 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6624343 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\15.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6625857 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6626673 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6626809 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6627298 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6627623 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6627736 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6629540 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\15.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6630295 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6631191 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6632798 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6633632 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6633959 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6634079 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6634415 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
"1:20:43.6653418 PM","AcroRd32.exe","3984","Process Create","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","PID: 2916, Command line: ""C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"" --type=renderer /prefetch:1"
"1:20:43.6653435 PM","AcroRd32.exe","2916","Process Start","","SUCCESS","Parent PID: 3984"
"1:20:43.6653456 PM","AcroRd32.exe","2916","Thread Create","","SUCCESS","Thread ID: 7260"
"1:20:43.6661875 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\16.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6662723 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6663526 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6663695 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6664249 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6664730 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6671129 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\AppLocker\MDM","NAME NOT FOUND","Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, AllocationSize: n/a"
"1:20:43.6673386 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6673743 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.6673945 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.6675331 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6675636 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.6675813 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.6677191 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6677465 PM","AcroRd32.exe","3984","IRP_MJ_DEVICE_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","FAST IO DISALLOWED","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
"1:20:43.6677561 PM","AcroRd32.exe","3984","IRP_MJ_DEVICE_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
"1:20:43.6677667 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.6677819 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.6679206 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","NAME INVALID","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a"
"1:20:43.6680629 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"1:20:43.6681981 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6682269 PM","AcroRd32.exe","3984","IRP_MJ_FILE_SYSTEM_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT"
"1:20:43.6682437 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.6682570 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.6683857 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6684132 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.6684277 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.6685570 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6685830 PM","AcroRd32.exe","3984","IRP_MJ_DEVICE_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader","FAST IO DISALLOWED","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
"1:20:43.6685916 PM","AcroRd32.exe","3984","IRP_MJ_DEVICE_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
"1:20:43.6686020 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.6686152 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.6687430 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6687703 PM","AcroRd32.exe","3984","IRP_MJ_FILE_SYSTEM_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT"
"1:20:43.6687844 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.6687971 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.6689240 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"1:20:43.6690536 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6690802 PM","AcroRd32.exe","3984","IRP_MJ_FILE_SYSTEM_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT"
"1:20:43.6690940 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6691070 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6788956 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6792227 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\16.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6793086 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6793911 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6794124 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6794819 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6795192 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6795317 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6797324 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\17.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6798023 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6798750 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6798906 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6799374 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6799666 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6799775 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6801527 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\17.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6802208 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6802966 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6803108 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6803637 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6803945 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6804057 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6805874 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\18.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6806573 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6807323 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6807455 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6807930 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6808237 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6808349 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6810078 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\18.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6810769 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6811521 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6811655 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6812139 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6812427 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6812536 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6814363 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\19.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6815059 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6815815 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6815949 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6816419 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6816714 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6816825 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6818602 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\19.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6819294 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6820044 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6820178 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6820889 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6821361 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6821474 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6823340 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\20.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6824056 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6824833 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6824964 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6825410 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6825703 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6825812 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6827522 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\20.0","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6828208 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6828968 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6829107 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.6829564 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6829853 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6829963 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.6831927 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Microsoft\Ime","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6832996 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Ime","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft\Ime"
"1:20:43.6833155 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Ime","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft\Ime"
"1:20:43.6833621 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft\Ime","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6833897 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Microsoft\Ime","SUCCESS",""
"1:20:43.6834010 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Microsoft\Ime","SUCCESS",""
"1:20:43.6835901 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Microsoft\IME","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6836829 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft\IME","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft\IME"
"1:20:43.6836963 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft\IME","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft\IME"
"1:20:43.6837413 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft\IME","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6837706 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Microsoft\IME","SUCCESS",""
"1:20:43.6837819 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Microsoft\IME","SUCCESS",""
"1:20:43.6839648 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Microsoft\IMJP","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6840411 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6841189 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft"
"1:20:43.6841322 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Microsoft"
"1:20:43.6841769 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6842056 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS",""
"1:20:43.6842169 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Microsoft","SUCCESS",""
"1:20:43.6843975 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Microsoft\IMJP","NAME NOT FOUND","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.6844741 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6845491 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft"
"1:20:43.6845625 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Microsoft"
"1:20:43.6846101 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.6846395 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS",""
"1:20:43.6846507 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Microsoft","SUCCESS",""
"1:20:43.6880046 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6880436 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6880588 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6882091 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6882349 PM","AcroRd32.exe","3984","IRP_MJ_DEVICE_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC","FAST IO DISALLOWED","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
"1:20:43.6882461 PM","AcroRd32.exe","3984","IRP_MJ_DEVICE_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
"1:20:43.6882579 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6882710 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6884283 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6884560 PM","AcroRd32.exe","3984","IRP_MJ_FILE_SYSTEM_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT"
"1:20:43.6884747 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6884882 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6885892 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.6886266 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"1:20:43.6886662 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer","SUCCESS","CreationTime: 7/18/2020 1:02:26 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 5/14/2021 1:50:55 PM, ChangeTime: 5/14/2021 1:50:55 PM, AllocationSize: 16,384, EndOfFile: 16,384, FileAttributes: D"
"1:20:43.6887496 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\LocalLow","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.6887639 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6887906 PM","AcroRd32.exe","3984","IRP_MJ_FILE_SYSTEM_CONTROL","C:\Program Files\Adobe","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT"
"1:20:43.6888049 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe","SUCCESS",""
"1:20:43.6888181 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe","SUCCESS",""
"1:20:43.6888215 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\LocalLow","SUCCESS","CreationTime: 5/29/2015 6:50:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 11/7/2020 11:50:19 AM, ChangeTime: 11/7/2020 11:50:19 AM, AllocationSize: 4,096, EndOfFile: 4,096, FileAttributes: DNCI"
"1:20:43.6889440 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6889685 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe","SUCCESS",""
"1:20:43.6889819 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe","SUCCESS",""
"1:20:43.6891065 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6891298 PM","AcroRd32.exe","3984","IRP_MJ_DEVICE_CONTROL","C:\Program Files\Adobe","FAST IO DISALLOWED","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
"1:20:43.6891428 PM","AcroRd32.exe","3984","IRP_MJ_DEVICE_CONTROL","C:\Program Files\Adobe","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
"1:20:43.6891536 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe","SUCCESS",""
"1:20:43.6891668 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe","SUCCESS",""
"1:20:43.6892925 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6893174 PM","AcroRd32.exe","3984","IRP_MJ_FILE_SYSTEM_CONTROL","C:\Program Files\Adobe","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT"
"1:20:43.6893334 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe","SUCCESS",""
"1:20:43.6893468 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe","SUCCESS",""
"1:20:43.6894879 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"1:20:43.6896237 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6896514 PM","AcroRd32.exe","3984","IRP_MJ_FILE_SYSTEM_CONTROL","C:\Program Files","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT"
"1:20:43.6896669 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files","SUCCESS",""
"1:20:43.6896815 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files","SUCCESS",""
"1:20:43.6898101 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6898348 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files","SUCCESS",""
"1:20:43.6898493 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files","SUCCESS",""
"1:20:43.6899774 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6900011 PM","AcroRd32.exe","3984","IRP_MJ_DEVICE_CONTROL","C:\Program Files","FAST IO DISALLOWED","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
"1:20:43.6900114 PM","AcroRd32.exe","3984","IRP_MJ_DEVICE_CONTROL","C:\Program Files","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
"1:20:43.6900221 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files","SUCCESS",""
"1:20:43.6900360 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files","SUCCESS",""
"1:20:43.6901672 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6901928 PM","AcroRd32.exe","3984","IRP_MJ_FILE_SYSTEM_CONTROL","C:\Program Files","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT"
"1:20:43.6902075 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files","SUCCESS",""
"1:20:43.6902217 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files","SUCCESS",""
"1:20:43.6903599 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
"1:20:43.6905291 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","FAST IO DISALLOWED",""
"1:20:43.6976006 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6976398 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:53 PM, FileAttributes: A"
"1:20:43.6976517 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.6976732 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.6978238 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6978696 PM","AcroRd32.exe","3984","IRP_MJ_DIRECTORY_CONTROL","C:\Program Files\Adobe","SUCCESS","Type: QueryDirectory, Filter: Adobe, 2: Adobe"
"1:20:43.6979159 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files","SUCCESS",""
"1:20:43.6979301 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files","SUCCESS",""
"1:20:43.6980759 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.6981173 PM","AcroRd32.exe","3984","IRP_MJ_DIRECTORY_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Type: QueryDirectory, Filter: Reader, 2: Reader"
"1:20:43.6981434 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6981584 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.6982914 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7156722 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 2904, User Time: 0.0156250, Kernel Time: 0.0156250"
"1:20:43.7182550 PM","AcroRd32.exe","3984","IRP_MJ_DIRECTORY_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryDirectory, Filter: AcroRd32.exe, 2: AcroRd32.exe"
"1:20:43.7183093 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.7185322 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.7189996 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.7191878 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7192640 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:29 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/31/2021 7:34:29 PM, ChangeTime: 8/1/2021 2:48:58 AM, FileAttributes: A"
"1:20:43.7192776 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.7192958 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.7193102 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:53 PM, FileAttributes: A"
"1:20:43.7201861 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7202381 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 3,873,792, EndOfFile: 3,873,652, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.7202499 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 3,873,792, EndOfFile: 3,873,652, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.7202619 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.7202728 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 3,873,792, EndOfFile: 3,873,652, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.7202809 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.7202894 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7202966 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.7203516 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.7203675 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.7204335 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.7222714 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7223319 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.7223471 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.7224286 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\Desktop","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7224647 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32","SUCCESS",""
"1:20:43.7224793 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32","SUCCESS",""
"1:20:43.7230974 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\en-US\kernel32.dll.mui","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7231465 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\en-US\kernel32.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.7231576 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\en-US\kernel32.dll.mui","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 1,007,104, EndOfFile: 1,007,104, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.7231675 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\en-US\kernel32.dll.mui","SUCCESS",""
"1:20:43.7231762 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\en-US\kernel32.dll.mui","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7231834 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\en-US\kernel32.dll.mui","SUCCESS",""
"1:20:43.7233376 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ntdll.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll"
"1:20:43.7247327 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 8108"
"1:20:43.7248827 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7249225 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.7249341 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\Desktop","SUCCESS",""
"1:20:43.7269784 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\msctf.dll","SUCCESS","Image Base: 0x76af0000, Image Size: 0xd4000"
"1:20:43.7274953 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\msctf.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7275388 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msctf.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7275519 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msctf.dll","SUCCESS","Information: Owner"
"1:20:43.7275628 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\msctf.dll","SUCCESS",""
"1:20:43.7275808 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\msctf.dll","SUCCESS",""
"1:20:43.7277769 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\msctf.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\msctf.dll"
"1:20:43.7315899 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","FAST IO DISALLOWED",""
"1:20:43.7317164 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7317451 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:19:11 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:53 PM, FileAttributes: A"
"1:20:43.7317554 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.7317710 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.7319101 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7319606 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7319715 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.7340475 PM","AcroRd32.exe","2916","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Image Base: 0x450000, Image Size: 0x308000"
"1:20:43.7342176 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x77870000, Image Size: 0x19e000"
"1:20:43.7365565 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7365653 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.7407575 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\Desktop","ACCESS DENIED","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: DancingMachine\Dancer"
"1:20:43.7409889 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x77790000, Image Size: 0x9a000"
"1:20:43.7428487 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\kernel32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\kernel32.dll"
"1:20:43.7432385 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\KernelBase.dll","SUCCESS","Image Base: 0x759d0000, Image Size: 0x212000"
"1:20:43.7432735 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\KernelBase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\KernelBase.dll"
"1:20:43.7442004 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\KernelBase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\KernelBase.dll"
"1:20:43.7442979 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\KernelBase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\KernelBase.dll"
"1:20:43.7446352 PM","AcroRd32.exe","3984","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Image Base: 0x7a270000, Image Size: 0x1c51000"
"1:20:43.7449626 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7449841 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\apphelp.dll","FAST IO DISALLOWED",""
"1:20:43.7451161 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\apphelp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7451550 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\apphelp.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 5/14/2021 10:49:25 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 5/14/2021 10:49:26 AM, ChangeTime: 8/12/2021 7:29:33 PM, FileAttributes: A"
"1:20:43.7451657 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.7451861 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.7453230 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.7453368 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\apphelp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7453388 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.7453942 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\apphelp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7454040 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.7454967 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\apphelp.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7455047 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.7455286 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7456625 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\apphelp.dll","SUCCESS","Image Base: 0x73890000, Image Size: 0x9f000"
"1:20:43.7457467 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.Local","FAST IO DISALLOWED",""
"1:20:43.7458617 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.7458757 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.7458785 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\apphelp.dll","SUCCESS",""
"1:20:43.7459680 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\apphelp.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\apphelp.dll"
"1:20:43.7460569 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7461527 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\apphelp.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\apphelp.dll"
"1:20:43.7461557 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.7461731 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.7463159 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","FAST IO DISALLOWED",""
"1:20:43.7464633 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7464931 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:14 AM, LastAccessTime: 8/13/2021 1:19:11 PM, LastWriteTime: 7/24/2021 1:39:14 AM, ChangeTime: 8/13/2021 1:14:55 PM, FileAttributes: A"
"1:20:43.7465031 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.7465105 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7465186 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.7465430 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7465562 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Information: Owner"
"1:20:43.7465676 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.7465841 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.7466619 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7467084 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7467194 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.7467449 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\ntdll.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7467851 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ntdll.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7467972 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ntdll.dll","SUCCESS","Information: Owner"
"1:20:43.7468081 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\ntdll.dll","SUCCESS",""
"1:20:43.7468231 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\ntdll.dll","SUCCESS",""
"1:20:43.7469701 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7470086 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\kernel32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7470214 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\kernel32.dll","SUCCESS","Information: Owner"
"1:20:43.7470324 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\kernel32.dll","SUCCESS",""
"1:20:43.7470473 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\kernel32.dll","SUCCESS",""
"1:20:43.7471963 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\KernelBase.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7472225 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\KernelBase.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7472357 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\KernelBase.dll","SUCCESS","Information: Owner"
"1:20:43.7472375 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7472472 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\KernelBase.dll","SUCCESS",""
"1:20:43.7472630 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\KernelBase.dll","SUCCESS",""
"1:20:43.7472710 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.7475116 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7475700 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 3,873,792, EndOfFile: 3,873,652, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.7475822 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 3,873,792, EndOfFile: 3,873,652, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.7475929 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.7476019 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 3,873,792, EndOfFile: 3,873,652, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.7476100 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.7476179 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7476249 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.7478020 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\KernelBase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\KernelBase.dll"
"1:20:43.7481815 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.7481993 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
"1:20:43.7484340 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\AcGenral.dll","FAST IO DISALLOWED",""
"1:20:43.7485625 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\AcGenral.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7486017 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\AcGenral.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:34:45 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:34:45 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.7486109 PM","AcroRd32.exe","3984","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Image Base: 0x53e20000, Image Size: 0x562000"
"1:20:43.7488890 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7489444 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.7489617 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.7493641 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.7493792 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.7494495 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.7494656 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.7496245 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","FAST IO DISALLOWED",""
"1:20:43.7497482 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7497742 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:19:11 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:55 PM, FileAttributes: A"
"1:20:43.7497844 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.7497999 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.7499367 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7499833 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7499944 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.7501600 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7501682 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.7503464 PM","AcroRd32.exe","3984","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Image Base: 0x6d380000, Image Size: 0x21000"
"1:20:43.7506874 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\AcGenral.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7507484 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\AcGenral.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7507584 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.7508499 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\AcGenral.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7508580 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.7510203 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\AcGenral.dll","SUCCESS","Image Base: 0x62ba0000, Image Size: 0x251000"
"1:20:43.7512627 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\msvcrt.dll","SUCCESS","Image Base: 0x761a0000, Image Size: 0xbf000"
"1:20:43.7515055 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\sechost.dll","SUCCESS","Image Base: 0x76120000, Image Size: 0x75000"
"1:20:43.7517396 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\rpcrt4.dll","SUCCESS","Image Base: 0x76590000, Image Size: 0xc6000"
"1:20:43.7520135 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\shlwapi.dll","SUCCESS","Image Base: 0x763d0000, Image Size: 0x45000"
"1:20:43.7522882 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x77190000, Image Size: 0x179000"
"1:20:43.7523543 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\user32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\user32.dll"
"1:20:43.7527721 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\win32u.dll","SUCCESS","Image Base: 0x75c90000, Image Size: 0x1d000"
"1:20:43.7530075 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\gdi32.dll","SUCCESS","Image Base: 0x76680000, Image Size: 0x22000"
"1:20:43.7530413 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\gdi32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\gdi32.dll"
"1:20:43.7537198 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\gdi32full.dll","SUCCESS","Image Base: 0x75cb0000, Image Size: 0xdb000"
"1:20:43.7537487 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\gdi32full.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\gdi32full.dll"
"1:20:43.7540232 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\msvcp_win.dll","SUCCESS","Image Base: 0x75bf0000, Image Size: 0x7b000"
"1:20:43.7542144 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\ucrtbase.dll","SUCCESS","Image Base: 0x75de0000, Image Size: 0x120000"
"1:20:43.7545437 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7548740 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.7548893 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.7549392 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.7549550 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.7551007 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","FAST IO DISALLOWED",""
"1:20:43.7552262 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7552534 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:19:11 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:55 PM, FileAttributes: A"
"1:20:43.7552635 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.7552784 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.7554240 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7554737 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7554851 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.7556979 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7557062 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.7558533 PM","AcroRd32.exe","3984","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Image Base: 0x608a0000, Image Size: 0x2e4000"
"1:20:43.7561037 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7564221 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.7564374 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.7564983 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.7565138 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.7566602 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","FAST IO DISALLOWED",""
"1:20:43.7567855 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7568128 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/23/2021 11:39:12 PM, LastAccessTime: 8/13/2021 1:19:11 PM, LastWriteTime: 7/23/2021 11:39:12 PM, ChangeTime: 8/13/2021 1:14:46 PM, FileAttributes: A"
"1:20:43.7568225 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.7568375 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.7569767 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7573558 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7573672 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.7574885 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7574967 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.7576238 PM","AcroRd32.exe","3984","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Image Base: 0x62a00000, Image Size: 0x193000"
"1:20:43.7577481 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ntdll.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll"
"1:20:43.7579264 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\ws2_32.dll","SUCCESS","Image Base: 0x77390000, Image Size: 0x63000"
"1:20:43.7580449 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.7580628 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.7582173 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","FAST IO DISALLOWED",""
"1:20:43.7583507 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.7585067 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\msvcp140.dll","FAST IO DISALLOWED",""
"1:20:43.7586249 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\msvcp140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7586487 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\msvcp140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:19:11 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.7586582 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.7586736 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.7588072 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\msvcp140.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7588506 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msvcp140.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7588615 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.7589924 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msvcp140.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7590005 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.7591325 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\msvcp140.dll","SUCCESS","Image Base: 0x68990000, Image Size: 0x6f000"
"1:20:43.7592207 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.7592377 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.7596917 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.7598219 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.7599758 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.7600947 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7601167 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:19:11 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.7601270 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7601425 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7602728 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7603714 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\vcruntime140.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7603828 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7605342 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7605426 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7606692 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\vcruntime140.dll","SUCCESS","Image Base: 0x68d30000, Image Size: 0x14000"
"1:20:43.7607338 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7607504 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7608978 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","FAST IO DISALLOWED",""
"1:20:43.7610234 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7610511 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:19:11 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:52 PM, FileAttributes: A"
"1:20:43.7610611 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.7610761 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.7612125 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7612581 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7612684 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.7614031 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7614116 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.7615279 PM","AcroRd32.exe","3984","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Image Base: 0x687b0000, Image Size: 0xf4000"
"1:20:43.7617681 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7620997 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.7621145 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.7621662 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.7621815 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.7623343 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\SensApi.dll","FAST IO DISALLOWED",""
"1:20:43.7624580 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\SensApi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.7626069 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\SensApi.dll","FAST IO DISALLOWED",""
"1:20:43.7627236 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\SensApi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7627610 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\SensApi.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/7/2019 1:07:37 AM, LastAccessTime: 8/13/2021 1:19:11 PM, LastWriteTime: 12/7/2019 1:07:37 AM, ChangeTime: 8/12/2021 7:29:53 PM, FileAttributes: A"
"1:20:43.7627708 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.7627856 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.7629183 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\SensApi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7629725 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\SensApi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7629847 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.7630979 PM","AcroRd32.exe","3984","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\SensApi.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7631064 PM","AcroRd32.exe","3984","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.7632351 PM","AcroRd32.exe","3984","Load Image","C:\Windows\System32\SensApi.dll","SUCCESS","Image Base: 0x6d370000, Image Size: 0x8000"
"1:20:43.7634947 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.7635125 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.7636650 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","FAST IO DISALLOWED",""
"1:20:43.7637909 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.7639408 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\msvcp140.dll","FAST IO DISALLOWED",""
"1:20:43.7640595 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\msvcp140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7640816 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\msvcp140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.7640912 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.7641057 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.7642467 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.7643783 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.7645271 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.7646447 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7646651 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.7646744 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7646888 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7648282 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.7649497 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.7654043 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.7655239 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7655446 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.7655541 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7655708 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7657120 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","FAST IO DISALLOWED",""
"1:20:43.7658355 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.7659828 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\msvcp140.dll","FAST IO DISALLOWED",""
"1:20:43.7661007 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\msvcp140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7661220 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\msvcp140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.7661317 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.7661459 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.7662862 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.7664182 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.7665633 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.7666820 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7667019 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.7667116 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7667257 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7669791 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.7671013 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.7672455 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.7673716 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7673918 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.7674014 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7674156 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7675539 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.7677045 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.7678609 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.7679843 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.7680050 PM","AcroRd32.exe","3984","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.7680142 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7680291 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.7683275 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\ole32.dll","SUCCESS","Image Base: 0x75f00000, Image Size: 0xe3000"
"1:20:43.7683680 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ole32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ole32.dll"
"1:20:43.7687305 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\combase.dll","SUCCESS","Image Base: 0x774a0000, Image Size: 0x281000"
"1:20:43.7691126 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\oleaut32.dll","SUCCESS","Image Base: 0x77400000, Image Size: 0x96000"
"1:20:43.7695985 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\shell32.dll","SUCCESS","Image Base: 0x76bd0000, Image Size: 0x5b3000"
"1:20:43.7699358 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\advapi32.dll","SUCCESS","Image Base: 0x75ff0000, Image Size: 0x7a000"
"1:20:43.7699657 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\advapi32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\advapi32.dll"
"1:20:43.7702608 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.7702840 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\AcGenral.dll","SUCCESS",""
"1:20:43.7709164 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\uxtheme.dll","FAST IO DISALLOWED",""
"1:20:43.7710448 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\uxtheme.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7710871 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\uxtheme.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 6/24/2021 7:03:53 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 6/24/2021 7:03:54 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.7710974 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.7711126 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.7712548 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\uxtheme.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7713302 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\uxtheme.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7713414 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.7716788 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\uxtheme.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7716873 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.7718418 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\uxtheme.dll","SUCCESS","Image Base: 0x73940000, Image Size: 0x7d000"
"1:20:43.7719746 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.7719936 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.7726951 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\winmm.dll","FAST IO DISALLOWED",""
"1:20:43.7728233 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winmm.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7728609 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\winmm.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:31:56 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:31:56 PM, ChangeTime: 8/12/2021 7:30:26 PM, FileAttributes: A"
"1:20:43.7728714 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.7728887 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.7731364 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winmm.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7732188 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmm.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7732289 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.7734187 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmm.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7734273 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.7736008 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\winmm.dll","SUCCESS","Image Base: 0x70b80000, Image Size: 0x28000"
"1:20:43.7737344 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.7737514 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.7738969 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\samcli.dll","FAST IO DISALLOWED",""
"1:20:43.7740212 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\samcli.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7740573 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\samcli.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:37 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:33:37 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.7740671 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.7740822 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.7742227 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\samcli.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7742783 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\samcli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7742879 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.7743869 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\samcli.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7743954 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.7745245 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\samcli.dll","SUCCESS","Image Base: 0x6fcb0000, Image Size: 0x15000"
"1:20:43.7746116 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.7746281 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.7752160 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\msacm32.dll","FAST IO DISALLOWED",""
"1:20:43.7753497 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\msacm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7753865 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\msacm32.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/7/2019 1:06:30 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 12/7/2019 1:06:30 AM, ChangeTime: 8/12/2021 7:30:26 PM, FileAttributes: A"
"1:20:43.7753967 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.7754115 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.7755484 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\msacm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7756044 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msacm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7756192 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.7757124 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msacm32.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7757206 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.7758479 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\msacm32.dll","SUCCESS","Image Base: 0x6d3b0000, Image Size: 0x19000"
"1:20:43.7759847 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.7760019 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.7761702 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\version.dll","FAST IO DISALLOWED",""
"1:20:43.7762937 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7763399 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\version.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:34:33 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:34:33 PM, ChangeTime: 8/12/2021 7:29:53 PM, FileAttributes: A"
"1:20:43.7763503 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.7763686 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.7765113 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7765703 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7765800 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.7766728 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\version.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7766806 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.7768325 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\version.dll","SUCCESS","Image Base: 0x6e0a0000, Image Size: 0x8000"
"1:20:43.7769181 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.7769347 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.7774164 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\userenv.dll","FAST IO DISALLOWED",""
"1:20:43.7775399 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\userenv.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7775757 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\userenv.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:38 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:33:38 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.7775856 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.7776004 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.7777377 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\userenv.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7777934 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\userenv.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7778031 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.7779294 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\userenv.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7779383 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.7781058 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\userenv.dll","SUCCESS","Image Base: 0x756b0000, Image Size: 0x25000"
"1:20:43.7782275 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.7782533 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.7784268 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\dwmapi.dll","FAST IO DISALLOWED",""
"1:20:43.7785542 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\dwmapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7785965 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\dwmapi.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 1/13/2021 2:11:37 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 1/13/2021 2:11:37 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.7786106 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.7786266 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.7787657 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\dwmapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7788220 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dwmapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7788322 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.7789419 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dwmapi.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7789499 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.7790865 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\dwmapi.dll","SUCCESS","Image Base: 0x73c90000, Image Size: 0x26000"
"1:20:43.7792015 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.7792183 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.7793639 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\urlmon.dll","FAST IO DISALLOWED",""
"1:20:43.7794946 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\urlmon.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7795306 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\urlmon.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:27 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/31/2021 7:34:28 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.7795407 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.7795557 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.7796957 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\urlmon.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7797507 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\urlmon.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7797602 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.7798493 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\urlmon.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7798572 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.7800312 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\urlmon.dll","SUCCESS","Image Base: 0x6adb0000, Image Size: 0x1a8000"
"1:20:43.7801800 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.7801981 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.7805306 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\winspool.drv","FAST IO DISALLOWED",""
"1:20:43.7807312 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7807703 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\winspool.drv","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 6/12/2021 10:34:04 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 6/12/2021 10:34:04 AM, ChangeTime: 8/12/2021 7:30:26 PM, FileAttributes: A"
"1:20:43.7808368 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.7808532 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.7809979 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7816680 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winspool.drv","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7816783 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.7817720 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winspool.drv","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7817800 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.7819232 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\winspool.drv","SUCCESS","Image Base: 0x614b0000, Image Size: 0x6d000"
"1:20:43.7819586 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\winspool.drv","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\winspool.drv"
"1:20:43.7822262 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.7822427 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.7823923 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\mpr.dll","FAST IO DISALLOWED",""
"1:20:43.7825166 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\mpr.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7825524 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\mpr.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:54 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:33:54 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.7825625 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.7825775 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.7827156 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\mpr.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7827707 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\mpr.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7827806 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.7828707 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\mpr.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7828788 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.7830229 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\mpr.dll","SUCCESS","Image Base: 0x60c90000, Image Size: 0x19000"
"1:20:43.7830500 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\mpr.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\mpr.dll"
"1:20:43.7832114 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.7832279 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.7833755 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\sspicli.dll","FAST IO DISALLOWED",""
"1:20:43.7834995 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7835354 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\sspicli.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 5/14/2021 10:49:45 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 5/14/2021 10:49:45 AM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.7835452 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.7835622 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.7836996 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7837545 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\sspicli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7837643 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.7838539 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\sspicli.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7838617 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.7839835 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\sspicli.dll","SUCCESS","Image Base: 0x75680000, Image Size: 0x25000"
"1:20:43.7840759 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.7840924 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.7844767 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\winmmbase.dll","FAST IO DISALLOWED",""
"1:20:43.7846012 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7846252 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\winmmbase.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/7/2019 1:06:30 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 12/7/2019 1:06:30 AM, ChangeTime: 8/12/2021 7:30:26 PM, FileAttributes: A"
"1:20:43.7846349 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.7846495 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.7847887 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winmmbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7848316 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmmbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7848415 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.7849332 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmmbase.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7849413 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.7850634 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\winmmbase.dll","SUCCESS","Image Base: 0x70240000, Image Size: 0x1d000"
"1:20:43.7851643 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.7851810 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.7853247 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\winmmbase.dll","FAST IO DISALLOWED",""
"1:20:43.7854493 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7854714 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\winmmbase.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/7/2019 1:06:30 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 12/7/2019 1:06:30 AM, ChangeTime: 8/12/2021 7:30:26 PM, FileAttributes: A"
"1:20:43.7854807 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.7854949 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.7858381 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\iertutil.dll","FAST IO DISALLOWED",""
"1:20:43.7859607 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\iertutil.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7859972 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\iertutil.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 6/24/2021 7:03:53 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 6/24/2021 7:03:53 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.7860075 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.7860224 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.7861589 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\iertutil.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7862147 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\iertutil.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7862244 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.7863136 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\iertutil.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7863228 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.7864759 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\iertutil.dll","SUCCESS","Image Base: 0x6cb20000, Image Size: 0x22b000"
"1:20:43.7867387 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\SHCore.dll","SUCCESS","Image Base: 0x76090000, Image Size: 0x87000"
"1:20:43.7868538 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.7868706 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.7870142 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\srvcli.dll","FAST IO DISALLOWED",""
"1:20:43.7871408 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\srvcli.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7871768 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\srvcli.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:38 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:33:38 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.7871874 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.7872025 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.7873421 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\srvcli.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7873977 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\srvcli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7874075 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.7875025 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\srvcli.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7875111 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.7876324 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\srvcli.dll","SUCCESS","Image Base: 0x6ad90000, Image Size: 0x1d000"
"1:20:43.7877225 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.7877396 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.7878877 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\netutils.dll","FAST IO DISALLOWED",""
"1:20:43.7880142 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\netutils.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7880500 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\netutils.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:37 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:33:37 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.7880602 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.7880753 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.7882150 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\netutils.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7882718 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netutils.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.7882816 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.7883752 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netutils.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.7883832 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.7885245 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\netutils.dll","SUCCESS","Image Base: 0x74e80000, Image Size: 0xb000"
"1:20:43.7886016 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.7886185 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.7908813 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\msvcrt.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7909250 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcrt.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7909380 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcrt.dll","SUCCESS","Information: Owner"
"1:20:43.7909496 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\msvcrt.dll","SUCCESS",""
"1:20:43.7909665 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\msvcrt.dll","SUCCESS",""
"1:20:43.7911413 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\rpcrt4.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7911799 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\rpcrt4.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7911918 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\rpcrt4.dll","SUCCESS","Information: Owner"
"1:20:43.7912029 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\rpcrt4.dll","SUCCESS",""
"1:20:43.7912185 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\rpcrt4.dll","SUCCESS",""
"1:20:43.7914021 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\sechost.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7914408 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\sechost.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7914527 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\sechost.dll","SUCCESS","Information: Owner"
"1:20:43.7914636 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\sechost.dll","SUCCESS",""
"1:20:43.7914790 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\sechost.dll","SUCCESS",""
"1:20:43.7916552 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\shlwapi.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7916947 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\shlwapi.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7917066 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\shlwapi.dll","SUCCESS","Information: Owner"
"1:20:43.7917177 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\shlwapi.dll","SUCCESS",""
"1:20:43.7917337 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\shlwapi.dll","SUCCESS",""
"1:20:43.7919172 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\ucrtbase.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7919569 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ucrtbase.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7919688 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ucrtbase.dll","SUCCESS","Information: Owner"
"1:20:43.7919800 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\ucrtbase.dll","SUCCESS",""
"1:20:43.7919952 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\ucrtbase.dll","SUCCESS",""
"1:20:43.7921620 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\combase.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7922001 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\combase.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7922122 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\combase.dll","SUCCESS","Information: Owner"
"1:20:43.7922258 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\combase.dll","SUCCESS",""
"1:20:43.7922412 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\combase.dll","SUCCESS",""
"1:20:43.7924382 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\win32u.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7924760 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\win32u.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7924881 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\win32u.dll","SUCCESS","Information: Owner"
"1:20:43.7924993 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\win32u.dll","SUCCESS",""
"1:20:43.7925147 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\win32u.dll","SUCCESS",""
"1:20:43.7947285 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\msvcp_win.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7947576 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcp_win.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7947705 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcp_win.dll","SUCCESS","Information: Owner"
"1:20:43.7947821 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp_win.dll","SUCCESS",""
"1:20:43.7947985 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\msvcp_win.dll","SUCCESS",""
"1:20:43.7949645 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\user32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7950049 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\user32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7950170 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\user32.dll","SUCCESS","Information: Owner"
"1:20:43.7950284 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\user32.dll","SUCCESS",""
"1:20:43.7950436 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\user32.dll","SUCCESS",""
"1:20:43.7952567 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\gdi32full.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.7952835 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\gdi32full.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.7952954 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\gdi32full.dll","SUCCESS","Information: Owner"
"1:20:43.7953066 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\gdi32full.dll","SUCCESS",""
"1:20:43.8036294 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\gdi32full.dll","SUCCESS",""
"1:20:43.8038665 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\gdi32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8039108 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\gdi32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8039239 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\gdi32.dll","SUCCESS","Information: Owner"
"1:20:43.8039359 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\gdi32.dll","SUCCESS",""
"1:20:43.8039522 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\gdi32.dll","SUCCESS",""
"1:20:43.8041162 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\uxtheme.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8041563 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\uxtheme.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8041687 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\uxtheme.dll","SUCCESS","Information: Owner"
"1:20:43.8041805 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.8041965 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\uxtheme.dll","SUCCESS",""
"1:20:43.8044199 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winmm.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8044625 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winmm.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8044863 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winmm.dll","SUCCESS","Information: Owner"
"1:20:43.8044979 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.8045142 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winmm.dll","SUCCESS",""
"1:20:43.8046932 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\samcli.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8047334 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\samcli.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8047504 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\samcli.dll","SUCCESS","Information: Owner"
"1:20:43.8047625 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.8047852 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\samcli.dll","SUCCESS",""
"1:20:43.8049455 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\ole32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8049854 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ole32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8049975 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ole32.dll","SUCCESS","Information: Owner"
"1:20:43.8050088 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\ole32.dll","SUCCESS",""
"1:20:43.8050240 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\ole32.dll","SUCCESS",""
"1:20:43.8110904 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\oleaut32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8111315 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\oleaut32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8111444 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\oleaut32.dll","SUCCESS","Information: Owner"
"1:20:43.8111556 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\oleaut32.dll","SUCCESS",""
"1:20:43.8111709 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\oleaut32.dll","SUCCESS",""
"1:20:43.8113522 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\advapi32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8113898 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\advapi32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8114015 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\advapi32.dll","SUCCESS","Information: Owner"
"1:20:43.8114125 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\advapi32.dll","SUCCESS",""
"1:20:43.8114273 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\advapi32.dll","SUCCESS",""
"1:20:43.8116196 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winmmbase.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8116481 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winmmbase.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8116594 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winmmbase.dll","SUCCESS","Information: Owner"
"1:20:43.8116702 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.8116853 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winmmbase.dll","SUCCESS",""
"1:20:43.8118510 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\msacm32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8118882 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msacm32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8118994 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msacm32.dll","SUCCESS","Information: Owner"
"1:20:43.8119102 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.8119244 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\msacm32.dll","SUCCESS",""
"1:20:43.8120749 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8121114 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\version.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8121229 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\version.dll","SUCCESS","Information: Owner"
"1:20:43.8121337 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.8121481 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\version.dll","SUCCESS",""
"1:20:43.8123107 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\shell32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8123489 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\shell32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8123602 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\shell32.dll","SUCCESS","Information: Owner"
"1:20:43.8123709 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\shell32.dll","SUCCESS",""
"1:20:43.8123854 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\shell32.dll","SUCCESS",""
"1:20:43.8126045 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\userenv.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8126411 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\userenv.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8126525 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\userenv.dll","SUCCESS","Information: Owner"
"1:20:43.8126631 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.8126778 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\userenv.dll","SUCCESS",""
"1:20:43.8128396 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\dwmapi.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8128780 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\dwmapi.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8128894 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\dwmapi.dll","SUCCESS","Information: Owner"
"1:20:43.8129001 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.8129151 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"1:20:43.8193113 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\SHCore.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8193599 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\SHCore.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8193735 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\SHCore.dll","SUCCESS","Information: Owner"
"1:20:43.8193866 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\SHCore.dll","SUCCESS",""
"1:20:43.8194024 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\SHCore.dll","SUCCESS",""
"1:20:43.8203393 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\iertutil.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8203821 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\iertutil.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8203944 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\iertutil.dll","SUCCESS","Information: Owner"
"1:20:43.8204057 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.8204229 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\iertutil.dll","SUCCESS",""
"1:20:43.8206251 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\srvcli.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8206656 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\srvcli.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8237916 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.8238181 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\vcruntime140.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8238306 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\vcruntime140.dll","SUCCESS","Information: Owner"
"1:20:43.8238414 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.8238572 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.8240322 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\msvcp140.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.8240579 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcp140.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8240694 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcp140.dll","SUCCESS","Information: Owner"
"1:20:43.8240798 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.8240950 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.8242831 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.8243133 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8243268 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Information: Owner"
"1:20:43.8243375 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.8243534 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.8245479 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.8245760 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8245875 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Information: Owner"
"1:20:43.8245981 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.8246137 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.8247694 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.8247983 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8248118 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Information: Owner"
"1:20:43.8248229 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.8248384 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.8250143 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\ws2_32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.8250510 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ws2_32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8250630 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ws2_32.dll","SUCCESS","Information: Owner"
"1:20:43.8250737 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\ws2_32.dll","SUCCESS",""
"1:20:43.8250890 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\ws2_32.dll","SUCCESS",""
"1:20:43.8252673 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.8252973 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8253087 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Information: Owner"
"1:20:43.8253194 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.8253368 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.8255095 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.8255384 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8255495 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Information: Owner"
"1:20:43.8255598 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.8255748 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.8257417 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Windows\System32\SensApi.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.8257795 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\SensApi.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8257914 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\SensApi.dll","SUCCESS","Information: Owner"
"1:20:43.8258021 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.8258198 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.8268451 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.8268828 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8268958 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Information: Owner"
"1:20:43.8269081 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.8269271 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.8280245 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ws2_32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ws2_32.dll"
"1:20:43.8341632 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 8108, User Time: 0.0156250, Kernel Time: 0.0468750"
"1:20:43.8354830 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\srvcli.dll","SUCCESS","Information: Owner"
"1:20:43.8355047 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.8355358 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\srvcli.dll","SUCCESS",""
"1:20:43.8357867 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\netutils.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8358411 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\netutils.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8358530 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\netutils.dll","SUCCESS","Information: Owner"
"1:20:43.8358640 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.8358792 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\netutils.dll","SUCCESS",""
"1:20:43.8360320 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\urlmon.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8360714 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\urlmon.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8360829 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\urlmon.dll","SUCCESS","Information: Owner"
"1:20:43.8360940 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.8361091 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\urlmon.dll","SUCCESS",""
"1:20:43.8362989 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8363470 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winspool.drv","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8363585 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winspool.drv","SUCCESS","Information: Owner"
"1:20:43.8363694 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.8363849 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winspool.drv","SUCCESS",""
"1:20:43.8442379 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\mpr.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8442819 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\mpr.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8442948 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\mpr.dll","SUCCESS","Information: Owner"
"1:20:43.8443056 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.8443244 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\mpr.dll","SUCCESS",""
"1:20:43.8445360 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8445761 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\sspicli.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8445879 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\sspicli.dll","SUCCESS","Information: Owner"
"1:20:43.8446003 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.8446157 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\sspicli.dll","SUCCESS",""
"1:20:43.8496034 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\sechost.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\sechost.dll"
"1:20:43.8497510 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\sechost.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\sechost.dll"
"1:20:43.8509790 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\combase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\combase.dll"
"1:20:43.8510488 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\combase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\combase.dll"
"1:20:43.8511928 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\combase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\combase.dll"
"1:20:43.8512583 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\combase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\combase.dll"
"1:20:43.8517189 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\imm32.dll","FAST IO DISALLOWED",""
"1:20:43.8518509 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8518889 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\imm32.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:55 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:33:55 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.8518995 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.8519168 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.8520572 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8521219 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.8521332 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\imm32.dll","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 147,968, EndOfFile: 147,704, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.8521419 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.8521501 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8521574 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.8522147 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.8522305 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.8524700 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\imm32.dll","SUCCESS","Image Base: 0x77840000, Image Size: 0x26000"
"1:20:43.8525052 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\imm32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\imm32.dll"
"1:20:43.8528968 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8529364 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\imm32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8529489 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\imm32.dll","SUCCESS","Information: Owner"
"1:20:43.8529616 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.8529774 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\imm32.dll","SUCCESS",""
"1:20:43.8533328 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\user32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\user32.dll"
"1:20:43.8544097 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\edgegdi.dll","FAST IO DISALLOWED",""
"1:20:43.8545402 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\edgegdi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer"
"1:20:43.8553500 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ole32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ole32.dll"
"1:20:43.8554163 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ole32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ole32.dll"
"1:20:43.8557899 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\advapi32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\advapi32.dll"
"1:20:43.8558627 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\advapi32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\advapi32.dll"
"1:20:43.8562530 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\shell32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\shell32.dll"
"1:20:43.8563513 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\shell32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\shell32.dll"
"1:20:43.8564145 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\shell32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\shell32.dll"
"1:20:43.8566862 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\iertutil.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\iertutil.dll"
"1:20:43.8569661 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\urlmon.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\urlmon.dll"
"1:20:43.8572988 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\winspool.drv","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\winspool.drv"
"1:20:43.8576746 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\mpr.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\mpr.dll"
"1:20:43.8577620 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\sspicli.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\sspicli.dll"
"1:20:43.8583957 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CRYPTBASE.DLL","FAST IO DISALLOWED",""
"1:20:43.8586206 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CRYPTBASE.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer"
"1:20:43.8587923 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\cryptbase.dll","FAST IO DISALLOWED",""
"1:20:43.8590220 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8590472 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\cryptbase.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:52 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:33:52 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.8590568 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.8590728 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.8602440 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8602976 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\cryptbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.8603074 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.8604089 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\cryptbase.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8604171 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.8605875 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\cryptbase.dll","SUCCESS","Image Base: 0x751b0000, Image Size: 0xa000"
"1:20:43.8606827 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.8606996 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.8609042 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8609294 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\cryptbase.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8609414 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\cryptbase.dll","SUCCESS","Information: Owner"
"1:20:43.8609526 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.8609674 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\cryptbase.dll","SUCCESS",""
"1:20:43.8612955 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryNameInformationFile, Name: \Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
"1:20:43.8615558 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.3.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer"
"1:20:43.8617702 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.Local","FAST IO DISALLOWED",""
"1:20:43.8619069 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer"
"1:20:43.8620959 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8622730 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","FAST IO DISALLOWED",""
"1:20:43.8624053 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8624349 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/16/2021 1:14:31 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/9/2021 8:47:26 AM, ChangeTime: 8/12/2021 7:29:54 PM, FileAttributes: A"
"1:20:43.8624455 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.8624613 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.8626070 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8626559 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.8626658 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.8627604 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8627687 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.8629183 PM","AcroRd32.exe","2916","Load Image","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS","Image Base: 0x6ed50000, Image Size: 0x210000"
"1:20:43.8631781 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.8631954 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll","SUCCESS",""
"1:20:43.8635297 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8635770 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WindowsShell.Manifest","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.8635869 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\WindowsShell.Manifest","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 1,024, EndOfFile: 670, NumberOfLinks: 3, DeletePending: False, Directory: False"
"1:20:43.8635955 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WindowsShell.Manifest","SUCCESS",""
"1:20:43.8636031 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8636106 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\WindowsShell.Manifest","SUCCESS",""
"1:20:43.8636807 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\WindowsShell.Manifest","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 1,024, EndOfFile: 670, NumberOfLinks: 3, DeletePending: False, Directory: False"
"1:20:43.8639765 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\WindowsShell.Manifest","SUCCESS",""
"1:20:43.8639921 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\WindowsShell.Manifest","SUCCESS",""
"1:20:43.8640940 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 7432"
"1:20:43.8648624 PM","AcroRd32.exe","3984","Thread Create","","SUCCESS","Thread ID: 6120"
"1:20:43.8660667 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","FAST IO DISALLOWED",""
"1:20:43.8662045 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8662333 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:53 PM, FileAttributes: A"
"1:20:43.8662437 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.8662600 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:43.8664377 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8664768 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","C:\Program Files\Adobe","SUCCESS","Type: QueryDirectory, Filter: Adobe, 2: Adobe"
"1:20:43.8665048 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files","SUCCESS",""
"1:20:43.8665222 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files","SUCCESS",""
"1:20:43.8666669 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8667055 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Type: QueryDirectory, Filter: Reader, 2: Reader"
"1:20:43.8667306 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.8667464 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC","SUCCESS",""
"1:20:43.8668886 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8669299 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS","Type: QueryDirectory, Filter: AcroRd32.exe, 2: AcroRd32.exe"
"1:20:43.8669545 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.8669682 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.8679144 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8679658 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.8679758 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 3,371,520, EndOfFile: 3,371,404, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.8679845 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
"1:20:43.8679920 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8679992 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
"1:20:43.8680163 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
"1:20:43.8680335 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
"1:20:43.8698024 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\uxtheme.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\uxtheme.dll"
"1:20:43.8701321 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\msctf.dll","SUCCESS","Image Base: 0x76af0000, Image Size: 0xd4000"
"1:20:43.8705780 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\msctf.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8706199 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msctf.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8706350 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msctf.dll","SUCCESS","Information: Owner"
"1:20:43.8706461 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\msctf.dll","SUCCESS",""
"1:20:43.8706624 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\msctf.dll","SUCCESS",""
"1:20:43.8708145 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\msctf.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\msctf.dll"
"1:20:43.8765783 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\rpcss.dll","FAST IO DISALLOWED",""
"1:20:43.8767055 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\rpcss.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8767533 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\rpcss.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:19 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/31/2021 7:34:19 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.8767654 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.8767837 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.8769210 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\rpcss.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8769858 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\rpcss.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
"1:20:43.8769975 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\rpcss.dll","SUCCESS","Type: QueryStandardInformationFile, AllocationSize: 1,105,408, EndOfFile: 1,105,408, NumberOfLinks: 2, DeletePending: False, Directory: False"
"1:20:43.8770069 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.8770160 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\rpcss.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8770237 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.8770729 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.8770892 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\rpcss.dll","SUCCESS",""
"1:20:43.8771664 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\combase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\combase.dll"
"1:20:43.8774194 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\kernel.appcore.dll","FAST IO DISALLOWED",""
"1:20:43.8775470 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8775717 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:07 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:33:07 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.8775817 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.8775974 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.8777393 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8777850 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\kernel.appcore.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.8777954 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.8779025 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\kernel.appcore.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8779113 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.8780962 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Image Base: 0x73c20000, Image Size: 0xf000"
"1:20:43.8782056 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.8782239 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.8784911 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8785178 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\kernel.appcore.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8785309 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Information: Owner"
"1:20:43.8785423 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.8785579 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
"1:20:43.8827128 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Image Base: 0x75930000, Image Size: 0x5f000"
"1:20:43.8829946 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8830218 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\bcryptprimitives.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8830347 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Information: Owner"
"1:20:43.8830471 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\bcryptprimitives.dll","SUCCESS",""
"1:20:43.8830626 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\bcryptprimitives.dll","SUCCESS",""
"1:20:43.8833199 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\bcryptprimitives.dll"
"1:20:43.8871173 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ntdll.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll"
"1:20:43.8871491 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ntdll.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll"
"1:20:43.8874180 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ntdll.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll"
"1:20:43.8874398 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ntdll.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll"
"1:20:43.8887913 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\TextInputFramework.dll","FAST IO DISALLOWED",""
"1:20:43.8889193 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\TextInputFramework.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8889462 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\TextInputFramework.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:03 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 7/31/2021 7:34:03 PM, ChangeTime: 8/12/2021 7:30:26 PM, FileAttributes: A"
"1:20:43.8889566 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\TextInputFramework.dll","SUCCESS",""
"1:20:43.8889728 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\TextInputFramework.dll","SUCCESS",""
"1:20:43.8891116 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\TextInputFramework.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8891605 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\TextInputFramework.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.8891709 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\TextInputFramework.dll","SUCCESS",""
"1:20:43.8892703 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\TextInputFramework.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8892817 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\TextInputFramework.dll","SUCCESS",""
"1:20:43.8894675 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\TextInputFramework.dll","SUCCESS","Image Base: 0x66ee0000, Image Size: 0xb9000"
"1:20:43.8896976 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\TextInputFramework.dll","SUCCESS",""
"1:20:43.8897159 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\TextInputFramework.dll","SUCCESS",""
"1:20:43.8898873 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\CoreUIComponents.dll","FAST IO DISALLOWED",""
"1:20:43.8900425 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8900677 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:32:48 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:32:48 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.8900828 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\CoreUIComponents.dll","SUCCESS",""
"1:20:43.8901012 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\CoreUIComponents.dll","SUCCESS",""
"1:20:43.8902456 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8902912 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\CoreUIComponents.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.8903012 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\CoreUIComponents.dll","SUCCESS",""
"1:20:43.8904035 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8904124 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\CoreUIComponents.dll","SUCCESS",""
"1:20:43.8905577 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","Image Base: 0x73390000, Image Size: 0x27e000"
"1:20:43.8909813 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\CoreUIComponents.dll","SUCCESS",""
"1:20:43.8909985 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\CoreUIComponents.dll","SUCCESS",""
"1:20:43.8911662 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\CoreMessaging.dll","FAST IO DISALLOWED",""
"1:20:43.8912997 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8913251 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 5/14/2021 10:49:37 AM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 5/14/2021 10:49:37 AM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.8913370 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
"1:20:43.8913524 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
"1:20:43.8914950 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8915422 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\CoreMessaging.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.8915528 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
"1:20:43.8916503 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\CoreMessaging.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8916598 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
"1:20:43.8917937 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Image Base: 0x73610000, Image Size: 0xb2000"
"1:20:43.8920679 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\ws2_32.dll","SUCCESS","Image Base: 0x77390000, Image Size: 0x63000"
"1:20:43.8921853 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
"1:20:43.8922024 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
"1:20:43.8923687 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\ntmarta.dll","FAST IO DISALLOWED",""
"1:20:43.8925048 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\ntmarta.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8925432 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\ntmarta.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:38 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 10/13/2020 5:33:38 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.8925541 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.8925699 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.8927069 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\ntmarta.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8927668 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ntmarta.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.8927774 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.8928780 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ntmarta.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8928866 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.8930241 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\ntmarta.dll","SUCCESS","Image Base: 0x74690000, Image Size: 0x29000"
"1:20:43.8931255 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.8931429 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.8933885 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\CoreMessaging.dll","FAST IO DISALLOWED",""
"1:20:43.8935143 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8935387 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 5/14/2021 10:49:37 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 5/14/2021 10:49:37 AM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.8935507 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
"1:20:43.8935674 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
"1:20:43.8937154 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\WinTypes.dll","FAST IO DISALLOWED",""
"1:20:43.8938402 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\WinTypes.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8938809 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\WinTypes.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 6/24/2021 7:03:46 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 6/24/2021 7:03:46 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.8938935 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8939106 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8940495 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\WinTypes.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8941104 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\WinTypes.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.8941210 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8942250 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\WinTypes.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.8942338 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8943819 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\WinTypes.dll","SUCCESS","Image Base: 0x72e40000, Image Size: 0xdb000"
"1:20:43.8944905 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8945077 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8946482 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\WinTypes.dll","FAST IO DISALLOWED",""
"1:20:43.8947726 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\WinTypes.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8948072 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\WinTypes.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 6/24/2021 7:03:46 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 6/24/2021 7:03:46 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.8948177 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8948325 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8949689 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\WinTypes.dll","FAST IO DISALLOWED",""
"1:20:43.8950927 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\WinTypes.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8951265 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\WinTypes.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 6/24/2021 7:03:46 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 6/24/2021 7:03:46 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.8951365 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8951511 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8957447 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\ntmarta.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8957838 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ntmarta.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8957969 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ntmarta.dll","SUCCESS","Information: Owner"
"1:20:43.8958081 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.8958234 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\ntmarta.dll","SUCCESS",""
"1:20:43.8959897 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\ws2_32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8960285 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ws2_32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8960406 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ws2_32.dll","SUCCESS","Information: Owner"
"1:20:43.8960516 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\ws2_32.dll","SUCCESS",""
"1:20:43.8960673 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\ws2_32.dll","SUCCESS",""
"1:20:43.8962465 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8962727 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\CoreMessaging.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8962846 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Information: Owner"
"1:20:43.8962956 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
"1:20:43.8963106 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
"1:20:43.8964870 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\WinTypes.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8965249 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\WinTypes.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8965373 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\WinTypes.dll","SUCCESS","Information: Owner"
"1:20:43.8965489 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8965640 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\WinTypes.dll","SUCCESS",""
"1:20:43.8967423 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8967696 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\CoreUIComponents.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8967817 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","Information: Owner"
"1:20:43.8967956 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\CoreUIComponents.dll","SUCCESS",""
"1:20:43.8968113 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\CoreUIComponents.dll","SUCCESS",""
"1:20:43.8969982 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\TextInputFramework.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer, OpenResult: Opened"
"1:20:43.8970256 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\TextInputFramework.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.8970378 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\TextInputFramework.dll","SUCCESS","Information: Owner"
"1:20:43.8970496 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\TextInputFramework.dll","SUCCESS",""
"1:20:43.8970649 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\TextInputFramework.dll","SUCCESS",""
"1:20:43.8975433 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ws2_32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ws2_32.dll"
"1:20:43.8977211 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\WinTypes.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\WinTypes.dll"
"1:20:43.8978546 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\CoreUIComponents.dll"
"1:20:43.8980870 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\TextInputFramework.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\TextInputFramework.dll"
"1:20:43.8981642 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\TextInputFramework.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\TextInputFramework.dll"
"1:20:43.9035401 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ntdll.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll"
"1:20:43.9035678 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ntdll.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll"
"1:20:43.9055073 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\SystemResources\USER32.dll.mun","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DancingMachine\Dancer"
"1:20:43.9208034 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","FAST IO DISALLOWED",""
"1:20:43.9209319 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9209645 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:53 PM, FileAttributes: A"
"1:20:43.9209751 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.9209941 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.9211461 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9212117 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9212230 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.9218202 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9218295 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.9218434 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9244738 PM","AcroRd32.exe","2916","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Image Base: 0x7a270000, Image Size: 0x1c51000"
"1:20:43.9247779 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9251246 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.9251442 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.9253336 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9324006 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.Local","FAST IO DISALLOWED",""
"1:20:43.9325840 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9327938 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9331132 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.9331348 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.9332878 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","FAST IO DISALLOWED",""
"1:20:43.9334262 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9334581 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:14 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/24/2021 1:39:14 AM, ChangeTime: 8/13/2021 1:14:55 PM, FileAttributes: A"
"1:20:43.9334705 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.9334876 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.9336796 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9337418 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9337534 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.9338623 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9338703 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.9338830 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9341118 PM","AcroRd32.exe","2916","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Image Base: 0x53e20000, Image Size: 0x562000"
"1:20:43.9344445 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9347915 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.9348064 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.9349529 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.9349691 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.9351429 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","FAST IO DISALLOWED",""
"1:20:43.9352700 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9352978 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:55 PM, FileAttributes: A"
"1:20:43.9353074 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.9353298 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.9354658 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9355137 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9355238 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.9356166 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9356245 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.9356354 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9357594 PM","AcroRd32.exe","2916","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Image Base: 0x6d380000, Image Size: 0x21000"
"1:20:43.9360038 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9363236 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.9363388 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.9364188 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.9364350 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.9365940 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","FAST IO DISALLOWED",""
"1:20:43.9367220 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9367515 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:55 PM, FileAttributes: A"
"1:20:43.9367626 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.9367789 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.9369218 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9369718 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9369822 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.9370852 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9371007 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.9371129 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9372579 PM","AcroRd32.exe","2916","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Image Base: 0x608a0000, Image Size: 0x2e4000"
"1:20:43.9375454 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9378826 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.9378977 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.9380355 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.9380519 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.9382017 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","FAST IO DISALLOWED",""
"1:20:43.9383365 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9384281 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/23/2021 11:39:12 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/23/2021 11:39:12 PM, ChangeTime: 8/13/2021 1:14:46 PM, FileAttributes: A"
"1:20:43.9384408 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.9384564 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.9385958 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9386448 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9386548 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.9387496 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9387577 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.9387686 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9388960 PM","AcroRd32.exe","2916","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Image Base: 0x62a00000, Image Size: 0x193000"
"1:20:43.9390483 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ntdll.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll"
"1:20:43.9391685 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.9391865 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.9393388 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","FAST IO DISALLOWED",""
"1:20:43.9394924 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9396559 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\msvcp140.dll","FAST IO DISALLOWED",""
"1:20:43.9397765 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\msvcp140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9398012 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\msvcp140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.9398122 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9398275 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9399674 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\msvcp140.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9400185 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msvcp140.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9400293 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9401238 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msvcp140.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9401319 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9401425 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcp140.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9402594 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\msvcp140.dll","SUCCESS","Image Base: 0x68990000, Image Size: 0x6f000"
"1:20:43.9403937 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9404111 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9405622 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.9406883 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9408393 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.9409570 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9409798 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.9409893 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9410040 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9411376 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9411816 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\vcruntime140.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9411913 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9412844 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9412923 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9413030 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\vcruntime140.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9414216 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\vcruntime140.dll","SUCCESS","Image Base: 0x68d30000, Image Size: 0x14000"
"1:20:43.9414959 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9415160 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9416732 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","FAST IO DISALLOWED",""
"1:20:43.9417999 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9418285 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/24/2021 1:39:12 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/24/2021 1:39:12 AM, ChangeTime: 8/13/2021 1:14:52 PM, FileAttributes: A"
"1:20:43.9418386 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.9418537 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.9420007 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9420500 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9420604 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.9421542 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9421623 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.9421728 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9424840 PM","AcroRd32.exe","2916","Load Image","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Image Base: 0x687b0000, Image Size: 0xf4000"
"1:20:43.9427699 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9431078 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.9431229 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.9431715 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.9431862 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.9433335 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\SensApi.dll","FAST IO DISALLOWED",""
"1:20:43.9434566 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\SensApi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9436057 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\SensApi.dll","FAST IO DISALLOWED",""
"1:20:43.9437219 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\SensApi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9437635 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\SensApi.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/7/2019 1:07:37 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 12/7/2019 1:07:37 AM, ChangeTime: 8/12/2021 7:29:53 PM, FileAttributes: A"
"1:20:43.9437733 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.9437881 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.9439184 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\SensApi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9439735 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\SensApi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9439833 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.9440759 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\SensApi.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9440840 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.9440949 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\SensApi.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9442172 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\SensApi.dll","SUCCESS","Image Base: 0x6d370000, Image Size: 0x8000"
"1:20:43.9443072 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.9443426 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.9444892 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","FAST IO DISALLOWED",""
"1:20:43.9446151 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9447636 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\msvcp140.dll","FAST IO DISALLOWED",""
"1:20:43.9448899 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\msvcp140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9449127 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\msvcp140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.9449223 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9449371 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9450819 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.9452046 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9453737 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.9454970 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9455192 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.9455292 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9455439 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9456844 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.9458066 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9459506 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.9460679 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9460890 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.9460983 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9461121 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9462517 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","FAST IO DISALLOWED",""
"1:20:43.9463757 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\MSVCP140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9465205 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\msvcp140.dll","FAST IO DISALLOWED",""
"1:20:43.9466367 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\msvcp140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9466586 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\msvcp140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.9466677 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9466818 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9468222 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.9469453 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9470891 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.9472073 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9472282 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.9472374 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9472516 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9473938 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.9475156 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9476580 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.9477754 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9477962 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.9478055 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9478194 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9479596 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","FAST IO DISALLOWED",""
"1:20:43.9480801 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\VCRUNTIME140.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9482237 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\vcruntime140.dll","FAST IO DISALLOWED",""
"1:20:43.9483420 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9483631 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\vcruntime140.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 9/27/2019 8:04:10 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 9/27/2019 8:04:10 PM, ChangeTime: 8/13/2021 1:14:50 PM, FileAttributes: A"
"1:20:43.9483724 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9483863 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9492651 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\vcruntime140.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9492905 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\vcruntime140.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9493023 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\vcruntime140.dll","SUCCESS","Information: Owner"
"1:20:43.9493128 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9493319 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\vcruntime140.dll","SUCCESS",""
"1:20:43.9494988 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\msvcp140.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9495236 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcp140.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9495348 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\msvcp140.dll","SUCCESS","Information: Owner"
"1:20:43.9495451 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9495595 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\msvcp140.dll","SUCCESS",""
"1:20:43.9497319 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9497625 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9497738 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS","Information: Owner"
"1:20:43.9497848 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.9498001 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll","SUCCESS",""
"1:20:43.9499893 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9500188 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9500300 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS","Information: Owner"
"1:20:43.9500407 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.9500561 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll","SUCCESS",""
"1:20:43.9502102 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9502405 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9502518 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS","Information: Owner"
"1:20:43.9502644 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.9502796 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll","SUCCESS",""
"1:20:43.9506024 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9506340 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9506459 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS","Information: Owner"
"1:20:43.9506562 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.9506717 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\libeay32.dll","SUCCESS",""
"1:20:43.9508449 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9508766 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9508880 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS","Information: Owner"
"1:20:43.9508988 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.9509135 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll","SUCCESS",""
"1:20:43.9510791 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\SensApi.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9511189 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\SensApi.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9511307 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\SensApi.dll","SUCCESS","Information: Owner"
"1:20:43.9511409 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.9511557 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\SensApi.dll","SUCCESS",""
"1:20:43.9513085 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9513470 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9513584 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS","Information: Owner"
"1:20:43.9513686 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.9513838 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll","SUCCESS",""
"1:20:43.9557409 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.9557632 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:43.9557812 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS",""
"1:20:43.9557975 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS",""
"1:20:43.9568970 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\","ACCESS DENIED","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"1:20:43.9569683 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9570556 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\","SUCCESS","Type: QueryNameInformationFile, Name: \"
"1:20:43.9570775 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\","SUCCESS","Type: QueryNameInformationFile, Name: \"
"1:20:43.9571569 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","C:\","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9571822 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\","SUCCESS",""
"1:20:43.9571958 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\","SUCCESS",""
"1:20:43.9572224 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9572511 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\","SUCCESS","Type: QueryNameInformationFile, Name: \"
"1:20:43.9572655 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","C:\","SUCCESS","Type: QueryNameInformationFile, Name: \"
"1:20:43.9573042 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\","SUCCESS","Type: QueryNameInformationFile, Name: \"
"1:20:43.9573354 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_VOLUME_INFORMATION","C:\","SUCCESS","Type: QueryInformationVolume, VolumeCreationTime: 3/18/2009 7:36:46 PM, VolumeSerialNumber: D0CC-4786, SupportsObjects: True, VolumeLabel: MAIN"
"1:20:43.9573494 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_VOLUME_INFORMATION","C:\","SUCCESS","Type: QueryAttributeInformationVolume, FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS"
"1:20:43.9573646 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\","SUCCESS",""
"1:20:43.9573776 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\","SUCCESS",""
"1:20:43.9576211 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ole32.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ole32.dll"
"1:20:43.9576447 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\KernelBase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\KernelBase.dll"
"1:20:43.9577756 PM","AcroRd32.exe","2916","Thread Create","","SUCCESS","Thread ID: 7508"
"1:20:43.9578187 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ntdll.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll"
"1:20:43.9578606 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ntdll.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll"
"1:20:43.9580524 PM","AcroRd32.exe","2916","Thread Exit","","SUCCESS","Thread ID: 7508, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:43.9621778 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\program files\adobe\acrobat reader dc\reader\acrord32res.dll","FAST IO DISALLOWED",""
"1:20:43.9622505 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\program files\adobe\acrobat reader dc\reader\acrord32res.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9623510 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\program files\adobe\acrobat reader dc\reader\acrord32res.dll.DLL","FAST IO DISALLOWED",""
"1:20:43.9624170 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\program files\adobe\acrobat reader dc\reader\acrord32res.dll.DLL","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9654275 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\Desktop\agm.ini","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a"
"1:20:43.9655148 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\agm.ini","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a"
"1:20:43.9683993 PM","AcroRd32.exe","2916","Thread Create","","SUCCESS","Thread ID: 2896"
"1:20:43.9757383 PM","AcroRd32.exe","2916","Thread Create","","SUCCESS","Thread ID: 2292"
"1:20:43.9773246 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\windows.storage.dll","FAST IO DISALLOWED",""
"1:20:43.9774481 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9774763 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:04 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/31/2021 7:34:05 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.9774877 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.9775050 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.9776421 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9776974 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\windows.storage.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9777081 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.9778053 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\windows.storage.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9778131 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.9778248 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\windows.storage.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9780411 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\windows.storage.dll","SUCCESS","Image Base: 0x73ed0000, Image Size: 0x608000"
"1:20:43.9782510 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.9782679 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.9784314 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\wldp.dll","FAST IO DISALLOWED",""
"1:20:43.9785541 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9785950 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\wldp.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 12/1/2020 12:01:35 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 12/1/2020 12:01:35 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.9786053 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.9786207 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.9787828 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9788437 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wldp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9788540 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.9789650 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wldp.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9789732 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.9789839 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\wldp.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9791215 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\wldp.dll","SUCCESS","Image Base: 0x75250000, Image Size: 0x24000"
"1:20:43.9792252 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.9792423 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.9796804 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9797174 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\wldp.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9797294 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\wldp.dll","SUCCESS","Information: Owner"
"1:20:43.9797402 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.9797550 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\wldp.dll","SUCCESS",""
"1:20:43.9799301 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9799548 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\windows.storage.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9799682 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\windows.storage.dll","SUCCESS","Information: Owner"
"1:20:43.9799789 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.9799935 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\windows.storage.dll","SUCCESS",""
"1:20:43.9801821 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\wldp.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\wldp.dll"
"1:20:43.9804962 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\windows.storage.dll"
"1:20:43.9805880 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\windows.storage.dll"
"1:20:43.9806513 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\windows.storage.dll"
"1:20:43.9807137 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\windows.storage.dll"
"1:20:43.9811130 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\windows.storage.dll"
"1:20:43.9823189 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\windows.storage.dll"
"1:20:43.9827997 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\profapi.dll","FAST IO DISALLOWED",""
"1:20:43.9829185 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9829555 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\profapi.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 2/25/2021 10:57:39 AM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 2/25/2021 10:57:39 AM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:43.9829658 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.9829812 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.9831131 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9831698 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:43.9831797 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.9832741 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profapi.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:43.9832821 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.9832927 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\profapi.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:43.9834325 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\profapi.dll","SUCCESS","Image Base: 0x756f0000, Image Size: 0x18000"
"1:20:43.9835356 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.9835571 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.9837642 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9838026 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\profapi.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:43.9838145 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\profapi.dll","SUCCESS","Information: Owner"
"1:20:43.9838255 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.9838404 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\profapi.dll","SUCCESS",""
"1:20:43.9840618 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.9841341 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer","ACCESS DENIED",""
"1:20:43.9842296 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9842786 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer"
"1:20:43.9842977 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer"
"1:20:43.9843633 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9843893 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer","SUCCESS",""
"1:20:43.9844005 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer","SUCCESS",""
"1:20:43.9844719 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer","SUCCESS","CreationTime: 7/18/2020 1:02:26 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 5/14/2021 1:50:55 PM, ChangeTime: 5/14/2021 1:50:55 PM, AllocationSize: 16,384, EndOfFile: 16,384, FileAttributes: D"
"1:20:43.9845916 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.9846600 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Local","ACCESS DENIED",""
"1:20:43.9847423 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9847779 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local"
"1:20:43.9847917 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local"
"1:20:43.9848382 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9848642 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local","SUCCESS",""
"1:20:43.9848757 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local","SUCCESS",""
"1:20:43.9849386 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Local","SUCCESS","CreationTime: 7/18/2020 1:02:27 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 6/7/2021 4:17:18 PM, ChangeTime: 6/7/2021 4:17:18 PM, AllocationSize: 24,576, EndOfFile: 24,576, FileAttributes: D"
"1:20:43.9850209 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9851087 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9851445 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Adobe\Acrobat"
"1:20:43.9851589 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Adobe\Acrobat"
"1:20:43.9852048 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9852363 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","SUCCESS",""
"1:20:43.9852474 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","SUCCESS",""
"1:20:43.9853169 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9853771 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","BUFFER OVERFLOW","Type: QueryNameInformationFile, Name: \U"
"1:20:43.9854319 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Adobe\Acrobat"
"1:20:43.9854938 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","F:\Users\Dancer\AppData\Local\Adobe\Acrobat\DC","SUCCESS","Type: QueryDirectory, Filter: DC, 2: DC"
"1:20:43.9855130 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","SUCCESS",""
"1:20:43.9855240 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Adobe\Acrobat","SUCCESS",""
"1:20:43.9864273 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\program files\adobe\acrobat reader dc\reader\acrord32res.dll","FAST IO DISALLOWED",""
"1:20:43.9864951 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\program files\adobe\acrobat reader dc\reader\acrord32res.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9865855 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\program files\adobe\acrobat reader dc\reader\acrord32res.dll.DLL","FAST IO DISALLOWED",""
"1:20:43.9866510 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\program files\adobe\acrobat reader dc\reader\acrord32res.dll.DLL","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9867611 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\SystemResources\AcroRd32.exe.mun","PATH NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
"1:20:43.9875558 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9876510 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9876891 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9877026 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9877513 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9877825 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9877936 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9878555 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9878916 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","BUFFER OVERFLOW","Type: QueryNameInformationFile, Name: \U"
"1:20:43.9879041 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9879419 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx\Z@S*.*","NO SUCH FILE","Type: QueryDirectory, Filter: Z@S*.*"
"1:20:43.9879579 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9879693 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9880351 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9881239 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9881616 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9881749 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9882216 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9882506 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9882617 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9883245 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9883821 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","BUFFER OVERFLOW","Type: QueryNameInformationFile, Name: \U"
"1:20:43.9883940 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9884293 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx\Z@R*.*","NO SUCH FILE","Type: QueryDirectory, Filter: Z@R*.*"
"1:20:43.9884468 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9884580 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9903689 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\windows.storage.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\windows.storage.dll"
"1:20:43.9908570 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.9909257 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer","ACCESS DENIED",""
"1:20:43.9910093 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9910455 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer"
"1:20:43.9910589 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer"
"1:20:43.9911056 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9911294 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer","SUCCESS",""
"1:20:43.9911405 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer","SUCCESS",""
"1:20:43.9912029 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer","SUCCESS","CreationTime: 7/18/2020 1:02:26 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 5/14/2021 1:50:55 PM, ChangeTime: 5/14/2021 1:50:55 PM, AllocationSize: 16,384, EndOfFile: 16,384, FileAttributes: D"
"1:20:43.9912814 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"1:20:43.9913609 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Roaming","ACCESS DENIED",""
"1:20:43.9914426 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9914790 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming"
"1:20:43.9914926 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming"
"1:20:43.9915400 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9915665 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming","SUCCESS",""
"1:20:43.9915779 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming","SUCCESS",""
"1:20:43.9916412 PM","AcroRd32.exe","3984","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Roaming","SUCCESS","CreationTime: 7/18/2020 1:02:27 PM, LastAccessTime: 8/13/2021 1:20:43 PM, LastWriteTime: 7/18/2020 1:05:25 PM, ChangeTime: 7/18/2020 1:05:25 PM, AllocationSize: 12,288, EndOfFile: 12,288, FileAttributes: D"
"1:20:43.9917215 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9918100 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9918465 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.9918601 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.9919070 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9919574 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.9919694 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.9920375 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9920714 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","BUFFER OVERFLOW","Type: QueryNameInformationFile, Name: \U"
"1:20:43.9920840 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat"
"1:20:43.9921197 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS","Type: QueryDirectory, Filter: DC, 2: DC"
"1:20:43.9921376 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.9921485 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat","SUCCESS",""
"1:20:43.9922499 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9923520 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9923889 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC"
"1:20:43.9924014 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC"
"1:20:43.9924468 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9924772 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS",""
"1:20:43.9924882 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS",""
"1:20:43.9925501 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9925836 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","BUFFER OVERFLOW","Type: QueryNameInformationFile, Name: \U"
"1:20:43.9925955 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC"
"1:20:43.9926322 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC\AutoSave","NO SUCH FILE","Type: QueryDirectory, Filter: AutoSave"
"1:20:43.9926486 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS",""
"1:20:43.9926600 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC","SUCCESS",""
"1:20:43.9927196 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","F:\Users\Dancer\AppData\Roaming\Adobe\Acrobat\DC\AutoSave","NAME NOT FOUND",""
"1:20:43.9934890 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9935780 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9936147 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9936283 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9936739 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9937028 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9937139 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9937759 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9938103 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","BUFFER OVERFLOW","Type: QueryNameInformationFile, Name: \U"
"1:20:43.9938231 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9938621 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx\A97q9zfy_13ian6v_290.tmp","NO SUCH FILE","Type: QueryDirectory, Filter: A97q9zfy_13ian6v_290.tmp"
"1:20:43.9938785 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9938899 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9940112 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9940416 PM","AcroRd32.exe","3984","IRP_MJ_DIRECTORY_CONTROL","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx\A97q9zfy_13ian6v_290.tmp","NO SUCH FILE","Type: QueryDirectory, Filter: A97q9zfy_13ian6v_290.tmp"
"1:20:43.9940557 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9940664 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9941769 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9942674 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9943035 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp"
"1:20:43.9943184 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp"
"1:20:43.9943643 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9943918 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp","SUCCESS",""
"1:20:43.9944030 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp","SUCCESS",""
"1:20:43.9944700 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9945039 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp","BUFFER OVERFLOW","Type: QueryNameInformationFile, Name: \U"
"1:20:43.9945154 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp"
"1:20:43.9945504 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryDirectory, Filter: acrord32_sbx, 2: acrord32_sbx"
"1:20:43.9945740 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp","SUCCESS",""
"1:20:43.9945849 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp","SUCCESS",""
"1:20:43.9946581 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:43.9947467 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9947839 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9947970 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9948419 PM","AcroRd32.exe","3984","IRP_MN_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNormalizedNameInformationFile"
"1:20:43.9948726 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9948835 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9949450 PM","AcroRd32.exe","3984","IRP_MJ_CREATE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:43.9949797 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","BUFFER OVERFLOW","Type: QueryNameInformationFile, Name: \U"
"1:20:43.9949917 PM","AcroRd32.exe","3984","IRP_MJ_QUERY_INFORMATION","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryNameInformationFile, Name: \Users\Dancer\AppData\Local\Temp\acrord32_sbx"
"1:20:43.9950268 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx\*","SUCCESS","Type: QueryDirectory, Filter: *, 2: ."
"1:20:43.9950463 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS","Type: QueryDirectory, 1: .."
"1:20:43.9950601 PM","AcroRd32.exe","2916","IRP_MJ_DIRECTORY_CONTROL","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","NO MORE FILES","Type: QueryDirectory"
"1:20:43.9950702 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9950809 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:43.9961764 PM","AcroRd32.exe","2916","Thread Exit","","SUCCESS","Thread ID: 2896, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0029989 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\ieframe.dll","FAST IO DISALLOWED",""
"1:20:44.0031195 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\ieframe.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0031638 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\ieframe.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:46 PM, LastAccessTime: 8/13/2021 1:20:38 PM, LastWriteTime: 7/31/2021 7:34:46 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:44.0031747 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\ieframe.dll","SUCCESS",""
"1:20:44.0031943 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\ieframe.dll","SUCCESS",""
"1:20:44.0033406 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\ieframe.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0034042 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ieframe.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:44.0034147 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ieframe.dll","SUCCESS",""
"1:20:44.0035130 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ieframe.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:44.0035213 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\ieframe.dll","SUCCESS",""
"1:20:44.0035334 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ieframe.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:44.0037320 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\ieframe.dll","SUCCESS","Image Base: 0x52910000, Image Size: 0x62e000"
"1:20:44.0039490 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\ieframe.dll","SUCCESS",""
"1:20:44.0039654 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\ieframe.dll","SUCCESS",""
"1:20:44.0041266 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\NETAPI32.dll","FAST IO DISALLOWED",""
"1:20:44.0042524 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\NETAPI32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:44.0044245 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\netapi32.dll","FAST IO DISALLOWED",""
"1:20:44.0045585 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0045950 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\netapi32.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:32:17 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:32:17 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:44.0046054 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\netapi32.dll","SUCCESS",""
"1:20:44.0046204 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\netapi32.dll","SUCCESS",""
"1:20:44.0047531 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0048099 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:44.0048199 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netapi32.dll","SUCCESS",""
"1:20:44.0049138 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netapi32.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:44.0049218 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\netapi32.dll","SUCCESS",""
"1:20:44.0049323 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\netapi32.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:44.0050819 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\netapi32.dll","SUCCESS","Image Base: 0x6d0b0000, Image Size: 0x13000"
"1:20:44.0051764 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\netapi32.dll","SUCCESS",""
"1:20:44.0051934 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\netapi32.dll","SUCCESS",""
"1:20:44.0053512 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\WINHTTP.dll","FAST IO DISALLOWED",""
"1:20:44.0054808 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\WINHTTP.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:44.0056318 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\winhttp.dll","FAST IO DISALLOWED",""
"1:20:44.0057679 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winhttp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0058082 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\winhttp.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 7/31/2021 7:34:20 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 7/31/2021 7:34:20 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:44.0058234 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winhttp.dll","SUCCESS",""
"1:20:44.0058403 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winhttp.dll","SUCCESS",""
"1:20:44.0059758 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winhttp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0060315 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winhttp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:44.0060415 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winhttp.dll","SUCCESS",""
"1:20:44.0061339 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winhttp.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:44.0061421 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\winhttp.dll","SUCCESS",""
"1:20:44.0061530 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winhttp.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:44.0062857 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\winhttp.dll","SUCCESS","Image Base: 0x70bc0000, Image Size: 0xc8000"
"1:20:44.0064177 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winhttp.dll","SUCCESS",""
"1:20:44.0064348 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winhttp.dll","SUCCESS",""
"1:20:44.0069754 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\WKSCLI.DLL","FAST IO DISALLOWED",""
"1:20:44.0070996 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\WKSCLI.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:44.0072491 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Windows\System32\wkscli.dll","FAST IO DISALLOWED",""
"1:20:44.0073825 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\wkscli.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0074181 PM","AcroRd32.exe","2916","FASTIO_QUERY_INFORMATION","C:\Windows\System32\wkscli.dll","SUCCESS","Type: QueryBasicInformationFile, CreationTime: 10/13/2020 5:33:38 PM, LastAccessTime: 8/13/2021 1:20:39 PM, LastWriteTime: 10/13/2020 5:33:38 PM, ChangeTime: 8/12/2021 7:30:31 PM, FileAttributes: A"
"1:20:44.0074282 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\wkscli.dll","SUCCESS",""
"1:20:44.0074435 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\wkscli.dll","SUCCESS",""
"1:20:44.0075762 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\wkscli.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0076323 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wkscli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"1:20:44.0076451 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wkscli.dll","SUCCESS",""
"1:20:44.0077388 PM","AcroRd32.exe","2916","FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wkscli.dll","SUCCESS","SyncType: SyncTypeOther"
"1:20:44.0077472 PM","AcroRd32.exe","2916","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\Windows\System32\wkscli.dll","SUCCESS",""
"1:20:44.0077581 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\wkscli.dll","SUCCESS","Information: Owner, Group, DACL, SACL, Label, 0x1a0"
"1:20:44.0078852 PM","AcroRd32.exe","2916","Load Image","C:\Windows\System32\wkscli.dll","SUCCESS","Image Base: 0x74bd0000, Image Size: 0x10000"
"1:20:44.0079746 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\wkscli.dll","SUCCESS",""
"1:20:44.0079917 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\wkscli.dll","SUCCESS",""
"1:20:44.0082491 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0082959 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\netapi32.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:44.0083095 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\netapi32.dll","SUCCESS","Information: Owner"
"1:20:44.0083291 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\netapi32.dll","SUCCESS",""
"1:20:44.0083456 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\netapi32.dll","SUCCESS",""
"1:20:44.0085369 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\winhttp.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0085759 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winhttp.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:44.0085880 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\winhttp.dll","SUCCESS","Information: Owner"
"1:20:44.0085987 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\winhttp.dll","SUCCESS",""
"1:20:44.0086140 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\winhttp.dll","SUCCESS",""
"1:20:44.0087989 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\wkscli.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0091311 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\wkscli.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:44.0091526 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\wkscli.dll","SUCCESS","Information: Owner"
"1:20:44.0091642 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\wkscli.dll","SUCCESS",""
"1:20:44.0091793 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\wkscli.dll","SUCCESS",""
"1:20:44.0094273 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\ieframe.dll","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0094678 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ieframe.dll","BUFFER OVERFLOW","Information: Owner"
"1:20:44.0094801 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_SECURITY","C:\Windows\System32\ieframe.dll","SUCCESS","Information: Owner"
"1:20:44.0094908 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\ieframe.dll","SUCCESS",""
"1:20:44.0095061 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\ieframe.dll","SUCCESS",""
"1:20:44.0101428 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\ieframe.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\ieframe.dll"
"1:20:44.0103955 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32\ieframe.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0107567 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32\ieframe.dll","SUCCESS",""
"1:20:44.0107726 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32\ieframe.dll","SUCCESS",""
"1:20:44.0109603 PM","AcroRd32.exe","2916","FASTIO_NETWORK_QUERY_OPEN","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.Local","FAST IO DISALLOWED",""
"1:20:44.0110850 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"1:20:44.0112630 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0115661 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\iertutil.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\iertutil.dll"
"1:20:44.0115902 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_INFORMATION","C:\Windows\System32\KernelBase.dll","SUCCESS","Type: QueryNameInformationFile, Name: \Windows\System32\KernelBase.dll"
"1:20:44.0117810 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows\System32","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0118078 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_VOLUME_INFORMATION","C:\Windows\System32","SUCCESS","Type: QuerySizeInformationVolume, TotalAllocationUnits: 232,581,063, AvailableAllocationUnits: 143,470,263, SectorsPerAllocationUnit: 1, BytesPerSector: 512"
"1:20:44.0118205 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\System32","SUCCESS",""
"1:20:44.0118339 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\System32","SUCCESS",""
"1:20:44.0119679 PM","AcroRd32.exe","2916","IRP_MJ_CREATE","C:\Windows","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Free Space Query, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"1:20:44.0119957 PM","AcroRd32.exe","2916","IRP_MJ_QUERY_VOLUME_INFORMATION","C:\Windows","SUCCESS","Type: QuerySizeInformationVolume, TotalAllocationUnits: 232,581,063, AvailableAllocationUnits: 143,470,263, SectorsPerAllocationUnit: 1, BytesPerSector: 512"
"1:20:44.0120085 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows","SUCCESS",""
"1:20:44.0120225 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows","SUCCESS",""
"1:20:44.0129020 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS",""
"1:20:44.0129191 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS",""
"1:20:44.0150715 PM","AcroRd32.exe","2916","Thread Exit","","SUCCESS","Thread ID: 2292, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0178879 PM","AcroRd32.exe","2916","Thread Exit","","SUCCESS","Thread ID: 7260, User Time: 0.0312500, Kernel Time: 0.1562500"
"1:20:44.0212489 PM","AcroRd32.exe","2916","Process Exit","","SUCCESS","Exit Status: 1, User Time: 0.0312500 seconds, Kernel Time: 0.1562500 seconds, Private Bytes: 6,443,008, Peak Private Bytes: 6,529,024, Working Set: 18,354,176, Peak Working Set: 18,362,368"
"1:20:44.0214275 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS",""
"1:20:44.0214550 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS",""
"1:20:44.0216871 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 5600, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0217886 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 3780, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0219141 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 6204, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0219357 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 7860, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0220359 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 7308, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0220630 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 1248, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0221243 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 6276, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0223111 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:44.0223413 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader","SUCCESS",""
"1:20:44.0223562 PM","AcroRd32.exe","2916","IRP_MJ_CLEANUP","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS",""
"1:20:44.0223700 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS",""
"1:20:44.0254065 PM","AcroRd32.exe","2916","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:44.0471700 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 6120, User Time: 0.0000000, Kernel Time: 0.0156250"
"1:20:44.0472279 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 7432, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0472713 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 7704, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0472958 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 6588, User Time: 0.0000000, Kernel Time: 0.0000000"
"1:20:44.0491011 PM","AcroRd32.exe","3984","Thread Exit","","SUCCESS","Thread ID: 7844, User Time: 0.0312500, Kernel Time: 0.0937500"
"1:20:44.0525027 PM","AcroRd32.exe","3984","Process Exit","","SUCCESS","Exit Status: 1, User Time: 0.0625000 seconds, Kernel Time: 0.2031250 seconds, Private Bytes: 3,436,544, Peak Private Bytes: 32,616,448, Working Set: 12,619,776, Peak Working Set: 40,603,648"
"1:20:44.0526678 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS",""
"1:20:44.0527050 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984","SUCCESS",""
"1:20:44.0529003 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:44.0529157 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","F:\Users\Dancer\AppData\Local\Temp\acrord32_sbx","SUCCESS",""
"1:20:44.0531562 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32","SUCCESS",""
"1:20:44.0531743 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32","SUCCESS",""
"1:20:44.0533006 PM","AcroRd32.exe","3984","IRP_MJ_CLEANUP","C:\Windows\System32\en-US\kernel32.dll.mui","SUCCESS",""
"1:20:44.0533193 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Windows\System32\en-US\kernel32.dll.mui","SUCCESS",""
"1:20:44.0555997 PM","AcroRd32.exe","3984","IRP_MJ_CLOSE","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe","SUCCESS",""
"1:20:49.3200724 PM","RuntimeBroker.exe","6108","Thread Exit","","SUCCESS","Thread ID: 6376, User Time: 0.0000000, Kernel Time: 0.0000000"
1
Reply
1
Copy link to clipboard
Copied
Hi there
Hope you are doing well and sorry for the trouble. As described the application is not launching and you are unable to open it.
Please try to create a new test user profile with full admin rights in Windows and try using the application there and check.
If it still doesn't work, please remove the application using the Acrobat Cleaner tool - https://www.adobe.com/devnet-docs/acrobatetk/tools/Labs/cleaner.html reboot the computer once and reinstall the application using the link - https://get.adobe.com/reader/enterprise/
Regards
Amal
Get ready! An upgraded Adobe Community experience is coming in January.
Learn more
AdChoices