
Windows Analysis Report
25-934647398_4-12-2025_Coverage_Free-form-2.pdf

Overview

General Information

Sample name:25-934647398_4-12-2025_Coverage_Free-form-2.pdf
Analysis ID:1664666
MD5:cb147674fea0d69ee137330c059f00c0
SHA1:b4729ad3e0cdf54a349f7f6e83389bd18965e088
SHA256:817219b2cbd92ccc4ed7b386f6273e7a8120a50a54e14878d5c99a59a9181272
Infos:

Detection

Score:2
Range:0 - 100
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • Acrobat.exe (PID: 6568 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\25-934647398_4-12-2025_Coverage_Free-form-2.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5284 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7348 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1588 --field-trial-handle=1568,i,3145564767506436672,6524665940325373675,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: global traffic | TCP traffic: 192.168.2.4:49725 -> 23.55.253.31:80
Source: global traffic | TCP traffic: 23.55.253.31:80 -> 192.168.2.4:49725
Source: Joe Sandbox View | IP Address: 23.55.253.31
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1, Connection: Keep-Alive, Accept: */*, User-Agent: Microsoft-CryptoAPI/10.0, Host: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 25-934647398_4-12-2025_Coverage_Free-form-2.pdf | String found in binary or memory: http://www.aiim.org/pdfua/ns/id/
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: classification engine | Classification label: clean2.winPDF@15/32@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1040
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-14 10-43-29-741.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\25-934647398_4-12-2025_Coverage_Free-form-2.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1588 --field-trial-handle=1568,i,3145564767506436672,6524665940325373675,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: 25-934647398_4-12-2025_Coverage_Free-form-2.pdf | Initial sample: PDF keyword /JS count = 0
Source: 25-934647398_4-12-2025_Coverage_Free-form-2.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: 25-934647398_4-12-2025_Coverage_Free-form-2.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: 25-934647398_4-12-2025_Coverage_Free-form-2.pdf | Initial sample: PDF keyword obj count = 89
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: 3 Exploitation for Client Execution; Scheduled Task/Job; At
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: 2 Non-Application Layer Protocol; 2 Application Layer Protocol; 1 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
Behavior graph (ID: 1664666; Sample: 25-934647398_4-12-2025_Cove...; Startdate: 14/04/2025; Architecture: WINDOWS; Score: 2): Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe process. AcroCEF.exe connected to e8652.dscx.akamaiedge.net (23.55.253.31, 49725, 80; AKAMAI-ASN1EU; United States). DNS names shown: x1.i.lencr.org, e8652.dscx.akamaiedge.net, crl.root-x1.letsencrypt.org.edgekey.net.

No Antivirus matches
Source | Detection | Scanner | Label
http://www.aiim.org/pdfua/ns/id/ | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
e8652.dscx.akamaiedge.net | 23.55.253.31 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.aiim.org/pdfua/ns/id/ | 25-934647398_4-12-2025_Coverage_Free-form-2.pdf | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
23.55.253.31 | e8652.dscx.akamaiedge.net | United States | 20940 | AKAMAI-ASN1EU | false

        Joe Sandbox version:42.0.0 Malachite
        Analysis ID:1664666
        Start date and time:2025-04-14 16:42:26 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 13s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:22
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:25-934647398_4-12-2025_Coverage_Free-form-2.pdf
        Detection:CLEAN
        Classification:clean2.winPDF@15/32@1/1
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 184.31.60.185, 23.209.188.149, 23.209.188.151, 54.224.241.105, 50.16.47.176, 18.213.11.84, 34.237.241.83, 162.159.61.3, 172.64.41.3, 23.218.145.76, 23.218.145.145, 23.48.246.132, 23.48.246.137, 23.76.34.6, 184.25.164.138, 172.202.163.200, 20.12.23.50, 184.31.62.96
        • Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, c.pki.goog, wu-b-net.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com
        • Not all processes were analyzed; the report is missing behavior information
        Time | Type | Description
        10:43:39 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.150272440899582
        Encrypted:false
        SSDEEP:6:iORPxfEyq2Pwkn2nKuAl9OmbnIFUtDPb1Zmw9PNRkwOwkn2nKuAl9OmbjLJ:7RDvYfHAahFUtDj1/9D5JfHAaSJ
        MD5:06A583383CF71673363A1EEB0F3BFCA8
        SHA1:61DDD3A34491B551220EC8EE5F696189DE22C61D
        SHA-256:54DD47060394A7F25423FDE9B5E7D34425819D67CF3691E60640FDDBF9E25846
        SHA-512:B3FB436FCC8096C301AA34955CCB5B5106ABD735594AA047AEB18DA7A6EC319CA25FBE2A13509466F263E69FC1C93105936E4DE72394115CB4F7A9E7AF488BE5
        Malicious:false
        Reputation:low
        Preview:2025/04/14-10:43:28.241 1c14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/14-10:43:28.244 1c14 Recovering log #3.2025/04/14-10:43:28.244 1c14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):336
        Entropy (8bit):5.145578672345733
        Encrypted:false
        SSDEEP:6:iORPpIq2Pwkn2nKuAl9Ombzo2jMGIFUtDP4pZZmw9P4pzkwOwkn2nKuAl9Ombzos:7RSvYfHAa8uFUtD6Z/96z5JfHAa8RJ
        MD5:37E3AA6AE8B635A61646CF842C230E0D
        SHA1:CC0D2A02215CFD00B41536C67F2F4D9C7A60FDFA
        SHA-256:C3D23B3B18CE3B2FE625695801725B4F802AF4EB744AE59700030DDAC2EA2947
        SHA-512:133F621F6AFFD589E78AE98B45D329979ED4288282A0ABCA5B600EA695C4D8163B0287825ADC8682D37C68CAF86F8D10DC6450D8BCE8C3D4CA0F1DD57AD2D8F9
        Malicious:false
        Reputation:low
        Preview:2025/04/14-10:43:28.082 1cc0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/14-10:43:28.085 1cc0 Recovering log #3.2025/04/14-10:43:28.085 1cc0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):475
        Entropy (8bit):4.95929603600269
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqgsBdOg2Hycaq3QYiubInP7E4T3y:Y2sRdscdMHd3QYhbG7nby
        MD5:BB6EA46440CA50A85191B50E1690D5FB
        SHA1:EDB7473D363A2F38E95004C778F16174D353995E
        SHA-256:715FB344B15423E4A500112D38D2C66507854A0299C9BC16D427A65F0CF6C4ED
        SHA-512:BB28CEC3FAFDE6432660CCA03ED7618498E668798E8BB5BBCD389F8C99FD4F79478345B5AE328ABD1358F633ED7E9F6CF9BDE7F7ABBC198624A40EEAAD4C2F60
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389201819519532","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":108948},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.95929603600269
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqgsBdOg2Hycaq3QYiubInP7E4T3y:Y2sRdscdMHd3QYhbG7nby
        MD5:BB6EA46440CA50A85191B50E1690D5FB
        SHA1:EDB7473D363A2F38E95004C778F16174D353995E
        SHA-256:715FB344B15423E4A500112D38D2C66507854A0299C9BC16D427A65F0CF6C4ED
        SHA-512:BB28CEC3FAFDE6432660CCA03ED7618498E668798E8BB5BBCD389F8C99FD4F79478345B5AE328ABD1358F633ED7E9F6CF9BDE7F7ABBC198624A40EEAAD4C2F60
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389201819519532","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":108948},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4730
        Entropy (8bit):5.257424916393558
        Encrypted:false
        SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7pAvhuxZZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goL
        MD5:B1ACBB83495F4D058BDA3ACBD9FE71BF
        SHA1:585E838B7163FB1BDF1D62FE6961E7743B5D474F
        SHA-256:120513C58F4A4AAFB7DF54B717D0070CA904CB0C7C2C9630255ACCEC4FC01DF4
        SHA-512:53464D307523D44B178071CD85815B7833629BD9E5B066757A5939336C323399737DEB79E1651846691303F66B52E810144C5375170C09FE3AA6D22A8568656D
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):324
        Entropy (8bit):5.156790788411095
        Encrypted:false
        SSDEEP:6:iORPdAq2Pwkn2nKuAl9OmbzNMxIFUtDPTGZZmw9PeuzFzkwOwkn2nKuAl9OmbzNq:7RWvYfHAa8jFUtD2/9WoFz5JfHAa84J
        MD5:7609BE512A3BCDCCAA04E319805D9DC3
        SHA1:92F6CC7715165F672D245E9BF721C7ACB537E9A6
        SHA-256:E4D7B5D5EF0BDDD1FF354C1E0593F43B9847B1AEE1C02F3C4CCCC793B675A473
        SHA-512:6E41AF6F293189CEDF28225A781057CBDA93CC9C8BEE6D8DE35009802343823C38148D524748E94CEC27660E8E9F47ED4BB96DEB2BB3B407F5E90F71E3E70AE1
        Malicious:false
        Reputation:low
        Preview:2025/04/14-10:43:28.338 1cc0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/14-10:43:28.342 1cc0 Recovering log #3.2025/04/14-10:43:28.345 1cc0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 110 x -152 x 32, cbSize 66934, bits offset 54
        Category:dropped
        Size (bytes):66934
        Entropy (8bit):0.8837479623345703
        Encrypted:false
        SSDEEP:96:8MHMbBPC0QcKd7/MqlM01MJMMMMiMI9fjSovMHMGvTYP0:wCpckaKeVZ
        MD5:8ECE18D0BC97C8B2A18A65784CB69ED3
        SHA1:ECA51324467823AA2FA142373664D184E8BF1838
        SHA-256:23E1CEC89E438DF479DA76C5BD2B501FE0B012BAAD5FF7328990DA4786DC66C6
        SHA-512:FFE5794C0B697E6BB941124CA3CE04CE276C23CA2474B74243E3CC81FE707D60262E5EDE3707A81A9759B0DA548A22BCCAE16D34306A9411A7CF7254DF598BD6
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
        Category:dropped
        Size (bytes):86016
        Entropy (8bit):4.445319323856837
        Encrypted:false
        SSDEEP:384:yezci5tWiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rZs3OazzU89UTTgUL
        MD5:9BBB8AC81E5CF2617392BC448D0390DA
        SHA1:3208CAEECC7D4ED3A99919EC851DB1D5AC6D9B06
        SHA-256:540BE18E6FFF17E541F578DD084E35902642884F22C070F02D33FB272ED64E83
        SHA-512:ABD895D001030708FEC36AE1B77897CCD44B3C182364345308CB5C7B4874E12EA0CBEEB1EE28CFF465EF68DBCB55D3F5DE88208A53DFA4C2A8E494B57E1EAD3E
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):3.773651146946074
        Encrypted:false
        SSDEEP:48:7MSp/E2ioyVFioy9oWoy1Cwoy1pKOioy1noy1AYoy1Wioy1hioybioy1oy1noy1L:7ppjuFFsXKQkgb9IVXEBodRBke
        MD5:3110B8EE6451DE1A8BF26A208430039A
        SHA1:31A74CB2DA05BF75DDDBFFA8EDFFD8550AF75F76
        SHA-256:9E57E13F507683DC81FCAE665C09DC7E58CF3A3FECD6E4702EE9DC68F1104E22
        SHA-512:269A301490BFDECAB9846AD5E7833DF99A5DA36E006C47BD7528629875A939E1C40C05290C95C51DDDEE7665EAC42D108326ECF91ECB196682502C26B01A6004
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Certificate, Version=3
        Category:dropped
        Size (bytes):1391
        Entropy (8bit):7.705940075877404
        Encrypted:false
        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
        Malicious:false
        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):73305
        Entropy (8bit):7.996028107841645
        Encrypted:true
        SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
        MD5:83142242E97B8953C386F988AA694E4A
        SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
        SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
        SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):192
        Entropy (8bit):2.7381013623686155
        Encrypted:false
        SSDEEP:3:kkFkloYNjtfllXlE/HT8kAzl1NNX8RolJuRdxLlGB9lQRYwpDdt:kKxOjeT8xNMa8RdWBwRd
        MD5:83FA5C3A0F18792034E433328D9B6DF4
        SHA1:4EF9926635DC470ABDC0E47BD4473D65C5E5A3EB
        SHA-256:FF4EC9F5ED17B6C71FE35F7875E93B006ABEEE302566BE88497D4D9AB1DCA7FD
        SHA-512:D7CC4BB4D752969BB65538959D24165D33FEA73101897ADC172B3C496DC6F1C727F4EFB1052D304D42B9DFE2BD31D2EE3A245BDAD6B5210E57F1C5A86692E8C6
        Malicious:false
        Preview:p...... .........}..K...(....................................................... ..........W....z...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):330
        Entropy (8bit):3.1836515609579115
        Encrypted:false
        SSDEEP:6:kKuLesImcvSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:cesImCkPlE99SNxAhUeq8S
        MD5:D7FA1899B2D524444213DCF5307FF2D5
        SHA1:1C23F613CE5AB07507527E4738DDA56A4E19815D
        SHA-256:EBDE8852A33B79F45BA2F70DABCEC418126730CF0BF661F42B729F444ACBEC07
        SHA-512:A93A6394D45385FEE1174B4EF42DD19528B49CD787368E8EF4C9B34FBFFDCD37F9B69C8FD1B829B3608CE7AC217E557859A6A9F1F8A9DDFC2CDF88D80A85918F
        Malicious:false
        Preview:p...... .........y<.K...(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):244533
        Entropy (8bit):3.349719355811052
        Encrypted:false
        SSDEEP:1536:ZKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:YPClJ/3AYvYwghFo+RQn
        MD5:9716CB5647DF853DEE118D2B63941AD6
        SHA1:694F6157C10FA57DC58211460B695A4E44760EFD
        SHA-256:575A4D13744E8EF45E7D6FCE4E93BE2EF7923487216CE58B1BA68D54060DCBB6
        SHA-512:E82B0380530C58423D95B7C0DF7FC29DC4E2A2E14203C79FA9A60D66FA39E142CD5944258441D2AF80AD5BD5CAAADCE0B6C1E523D621A2B7A73D20782578EE2D
        Malicious:false
        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2145
        Entropy (8bit):5.067389733088111
        Encrypted:false
        SSDEEP:48:Y02sL0/EY0bMSlMtCM5mMOpiMAW0MretMSMmkaMY:Sv/SYtt55V6AWLre6JmkhY
        MD5:CF8CC8A0E41CE7748860C922716101A7
        SHA1:CF48CD7DA100558A77A0F0A01C2A305DEC3FDFD8
        SHA-256:0BAC883A079A7152844B35131C25872882985882F7AF032FB62597612DE59A28
        SHA-512:86974F8C6D1A3B34099E6A15A316797878EC2BAE019187ECB75B0B83343FA294C1874742CC622C1A318A35C6B2B2A244CFE7A94DDE5E22495AC5DD74BC122FB2
        Malicious:false
        Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1744641812000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"23c88c8acf166d9fda5ae4d83df3db72","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696420889000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d5fa85f4cf271b5fa75367efd1b392fa","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696420884000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"7c2ad79e375e3ea39f82a389e8a5841f","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696420882000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c3af48ba3dee086edbbf20dff46c7ee0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696333862000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"7101e009d8bf8920d0a3dd3f5dc75ebc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696333862000},{"id":"DC_Reader_Edit_LHP_Banner"
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):1.1891831644365427
        Encrypted:false
        SSDEEP:48:TGufl2GL7msEHUUUUUUUUWSvR9H9vxFGiDIAEkGVvpU:lNVmswUUUUUUUUW+FGSItQ
        MD5:6C63521FB0A72E02BC38E45F01CEE3C9
        SHA1:57E5BA64F421685D870EDBD007B32F273E5312FF
        SHA-256:85DA6642DB8109213314A6F780E4C40EDCCD67D3EAA1B23E82989F921EE9E36D
        SHA-512:1BACD043019CA20BC17C307EE1156CB60D407BDE716FC9A5FBFF90E33241108868E7D38893040A08D726B1C0CF37DAAB51FB7F0E6C33F74569AED35CBA938CEF
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.6079448546406099
        Encrypted:false
        SSDEEP:48:7MhKUUUUUUUUUU0vR9H9vxFGiDIAEkGVvAqFl2GL7msr:7PUUUUUUUUUUkFGSItGKVmsr
        MD5:529DF8B42DEC7081601B4CF14BF2555C
        SHA1:6E00B442CB3F7589A3D4767F9AF3B2823817C391
        SHA-256:693C8A5C4578A4B0111842470853AD65DF173AE49B0338C200BAEEC1F495D14A
        SHA-512:7C3EC9BF867817F6B52FB76AEE9B058ACF97647A1E8AE1B177DA4413DBAB6FD2A53DC90DD9B2EBC5B6384374BA7A19CB717EC8E57D8BE2806A824382691D5DB7
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.5248044522866877
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84RClEdNgzH:Qw946cPbiOxDlbYnuRKhc
        MD5:478C90F8F2EF7C21640BD242680EECBE
        SHA1:789A3ADE1E004E974058BFF0A500BE9924752FF4
        SHA-256:505C9A370D3DE2A23B5ACD3C0EE93D1A616276A23590E8982DD2ACA2EE1DEF7E
        SHA-512:4191D75B6010FD4EFAD2285114A3A9D12C0D672A2168CB0369D30B939FF12C4E9D631C86C9FDF7F243C0E43F265D8B05EDB8782F572043B802B4BEA109A99DF0
        Malicious:false
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.4./.0.4./.2.0.2.5. . .1.0.:.4.3.:.3.5. .=.=.=.....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):925952
        Entropy (8bit):2.3464972747223825
        Encrypted:false
        SSDEEP:3072:DoVEWBraU83DEt0dltlV7RzLCMKhflDpntrRvuBg18KImkCQ+M6Y2U2/Trh7H1fV:uEU8rR8rjpzp3G3i
        MD5:F531985B5D8554505116D2D24539B60C
        SHA1:E9756E88F50B7E1D1844585166FAEEECD44DA345
        SHA-256:79F0165C9E83E839707239663D98FC7D6A57206964A1B33908B7C5A03A53EBA7
        SHA-512:10367FAAD06C1956BB6B06A561487FAE6186AEA89DAE10F637E9A148FCC678CB2EE1B226C2C3026EECB697933DDC208E7B2B709C59B4D7E9BC35A18CB0D566C9
        Malicious:false
        Preview:............................................................................................................................................................................-...)...A12_acrobat_multiFile_generic_dark_32.pdf...................................................................................................8...........................................................................................................%...!...A12_acrobat_parcel_generic_64.pdf...........................................................................................................9...........................................................................................................*...&...A12_acrobat_parcel_generic_dark_32.pdf......................................................................................................:...........................................................................................................*...&...A12_acrobat_parcel_generic_dark_64.pdf..............
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.345946398610936
        Encrypted:false
        SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
        MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
        SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
        SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
        SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
        Malicious:false
        Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):16603
        Entropy (8bit):5.350465322465793
        Encrypted:false
        SSDEEP:384:/m8/UHc7PkRUb7nb9MHTMCfi+Rc/FL799qMBHNN/HtwSffXCihxjY7FMxoCFj4QO:rvgF
        MD5:FAF1D631ADFAF3FC4E990F9DFA59207D
        SHA1:3B3BFA9085ADB65B944BBB6F5F866E38B5AA2577
        SHA-256:7AA417828535B2BED0FEF6901F6989A837A05F05E4926E2A87A653090F1B5DDB
        SHA-512:150E8FACF60F25375D034E2D521EAC671D090B8C7254E1D4D0A9D3E7CB12A14D0AA1F7E030EC60058595569303A75CB14B94A6988C551F72F2053639122B4A54
        Malicious:false
        Preview:SessionID=9efe1202-fd88-460a-bbd4-83be6c323bba.1744641809798 Timestamp=2025-04-14T10:43:29:798-0400 ThreadID=5612 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=9efe1202-fd88-460a-bbd4-83be6c323bba.1744641809798 Timestamp=2025-04-14T10:43:29:800-0400 ThreadID=5612 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=9efe1202-fd88-460a-bbd4-83be6c323bba.1744641809798 Timestamp=2025-04-14T10:43:29:800-0400 ThreadID=5612 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=9efe1202-fd88-460a-bbd4-83be6c323bba.1744641809798 Timestamp=2025-04-14T10:43:29:800-0400 ThreadID=5612 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=9efe1202-fd88-460a-bbd4-83be6c323bba.1744641809798 Timestamp=2025-04-14T10:43:29:800-0400 ThreadID=5612 Component=ngl-lib_NglAppLib Description="SetConf
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29845
        Entropy (8bit):5.386072179598744
        Encrypted:false
        SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r0:wMM
        MD5:1ACCB7BA84D8EDDE7A6D49880B07529E
        SHA1:7F047DF360D652A88E17D86C44053C6A12A9DE49
        SHA-256:90D29273690AA33A414315E4ADA12DB8641307BE2221836CD07B90B0351AC274
        SHA-512:DA6523C8F32B24894D03839457EBE0FEFF718F19E8721321D04826415EBF57977CDE8DCC6C27A3B1F5A381CF50B0E51A5105B506CBA23CF47A8FC48FA2229C77
        Malicious:false
        Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/yowYIGNP4bdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oBGZd:twZG6b3mlind9i4ufFXpAXkrfUs0qWLa
        MD5:8D04FDC5022E491B91EC6B32F003430B
        SHA1:6619D46E06076B5669D4CC677D6D8F638189E46A
        SHA-256:7682C53053D66EF0B1A89335C88C4420226B10AFAC87A286E6E1A6BC795FEE61
        SHA-512:AA96FA56D3C5C4200BAA917D3091ADB1A5FAE7D534DD9C909D8B60AE13E902D6B71D42C2823319483414987E4B41079FA241B3D0A384EE4B281B63F834917E7D
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:6D0WL07oDGZswYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:c0WLxDGZswZGh3mlind9i4ufFXpAXkru
        MD5:585EFF39D9FEF7183354805AFC2389B2
        SHA1:4D8B1386D70227DC30C7B4AF0F1053E5ABFF4F23
        SHA-256:E901E0C2BCDF07BB5AF8DC0DDF23CB297BDD05EC1D1FB7FF867F7D25E59CFCF2
        SHA-512:E61921615AB814A84E2A4FFCCBFB8D2CBB5BBAEE3FE5632BCD9BF585AF407CE476B8A68BE0AB89259275223F6D1B21B73648BB8DE6683A118DA634EE31C9C00F
        Malicious:false
        File type:PDF document, version 1.7, 2 pages (zip deflate encoded)
        Entropy (8bit):7.658825060312362
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:25-934647398_4-12-2025_Coverage_Free-form-2.pdf
        File size:64'048 bytes
        MD5:cb147674fea0d69ee137330c059f00c0
        SHA1:b4729ad3e0cdf54a349f7f6e83389bd18965e088
        SHA256:817219b2cbd92ccc4ed7b386f6273e7a8120a50a54e14878d5c99a59a9181272
        SHA512:83b2212f443ae45d1cac0a7a9e3970389aa1e1568f55622e37a7882f95e834398a7553f5969c905c93b9f79492e5fe674bfda500e2ee67a4f9cd5f4b87f0b59f
        SSDEEP:768:3kuO7bjcJAbZxVcT0yU/msaFgUu6/7zy1230ci++ystAbAGL4ilKnoP9xATzhKKH:3H+cJw7rFkgwvinystm8YxAotK+kFHsO
        TLSH:13539F40D45ABC8CFC87D67A0871382A4A2DB16B7CCC7CC5356F4F51A744783AE8AAD9
        File Content Preview:%PDF-1.7.%.....6 0 obj.<</Filter/FlateDecode/Length 1162>>stream.x...ao.8....W.t.n+.`;...V+..-.R..v..~q...A.:.......R.osTU.(<3..;~.......H..o.\........../_.........=..?.FY(T.# .#.D...s. .4L..(LWA{.gy.....A{......P...".N..9...G..L....+.)B8Lf......m.<....w.
        Icon Hash:62cc8caeb29e8ae0

        General

        Header:%PDF-1.7
        Total Entropy:7.658825
        Total Bytes:64048
        Stream Entropy:7.834109
        Stream Bytes:52257
        Entropy outside Streams:5.067692
        Bytes outside Streams:11791
        Number of EOF found:1
        Bytes after EOF:
        Name | Count
        obj | 89
        endobj | 89
        stream | 6
        endstream | 6
        xref | 1
        trailer | 1
        startxref | 1
        /Page | 2
        /Encrypt | 0
        /ObjStm | 0
        /URI | 0
        /JS | 0
        /JavaScript | 0
        /AA | 0
        /OpenAction | 0
        /AcroForm | 0
        /JBIG2Decode | 0
        /RichMedia | 0
        /Launch | 0
        /EmbeddedFile | 0
        ID | DHASH | MD5 | Preview
        14 | 0100372b1b270003 | 83bfdb9ca65a96a0ac07a33ee4b26ee9 |


        • Total Packets: 6
        • 80 (HTTP)
        • 53 (DNS)
        Timestamp | Source Port | Dest Port | Source IP | Dest IP
        Apr 14, 2025 16:43:40.305074930 CEST | 49725 | 80 | 192.168.2.4 | 23.55.253.31
        Apr 14, 2025 16:43:40.411708117 CEST | 80 | 49725 | 23.55.253.31 | 192.168.2.4
        Apr 14, 2025 16:43:40.411815882 CEST | 49725 | 80 | 192.168.2.4 | 23.55.253.31
        Apr 14, 2025 16:43:40.411959887 CEST | 49725 | 80 | 192.168.2.4 | 23.55.253.31
        Apr 14, 2025 16:43:40.518496990 CEST | 80 | 49725 | 23.55.253.31 | 192.168.2.4
        Apr 14, 2025 16:43:40.519104004 CEST | 80 | 49725 | 23.55.253.31 | 192.168.2.4
        Apr 14, 2025 16:43:40.519125938 CEST | 80 | 49725 | 23.55.253.31 | 192.168.2.4
        Apr 14, 2025 16:43:40.519192934 CEST | 49725 | 80 | 192.168.2.4 | 23.55.253.31
        Apr 14, 2025 16:43:52.140825033 CEST | 49725 | 80 | 192.168.2.4 | 23.55.253.31
        Timestamp | Source Port | Dest Port | Source IP | Dest IP
        Apr 14, 2025 16:43:40.192239046 CEST | 50184 | 53 | 192.168.2.4 | 1.1.1.1
        Apr 14, 2025 16:43:40.301400900 CEST | 53 | 50184 | 1.1.1.1 | 192.168.2.4
        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
        Apr 14, 2025 16:43:40.192239046 CEST | 192.168.2.4 | 1.1.1.1 | 0xe63d | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Apr 14, 2025 16:43:40.301400900 CEST | 1.1.1.1 | 192.168.2.4 | 0xe63d | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
        Apr 14, 2025 16:43:40.301400900 CEST | 1.1.1.1 | 192.168.2.4 | 0xe63d | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | e8652.dscx.akamaiedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
        Apr 14, 2025 16:43:40.301400900 CEST | 1.1.1.1 | 192.168.2.4 | 0xe63d | No error (0) | e8652.dscx.akamaiedge.net |  | 23.55.253.31 | A (IP address) | IN (0x0001) | false
        • x1.i.lencr.org
        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        0 | 192.168.2.4 | 49725 | 23.55.253.31 | 80 | 5284 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Timestamp | Bytes transferred | Direction | Data
        Apr 14, 2025 16:43:40.411959887 CEST | 115 | OUT | GET / HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Microsoft-CryptoAPI/10.0
        Host: x1.i.lencr.org
        Apr 14, 2025 16:43:40.519104004 CEST | 1358 | IN | HTTP/1.1 200 OK
        Server: nginx
        Content-Type: application/pkix-cert
        Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
        ETag: "64cd6654-56f"
        Content-Disposition: attachment; filename="ISRG Root X1.der"
        Cache-Control: max-age=52602
        Expires: Tue, 15 Apr 2025 05:20:22 GMT
        Date: Mon, 14 Apr 2025 14:43:40 GMT
        Content-Length: 1391
        Connection: keep-alive
        Apr 14, 2025 16:43:40.519125938 CEST | 387 | IN |


        Target ID:0
        Start time:10:43:25
        Start date:14/04/2025
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\25-934647398_4-12-2025_Coverage_Free-form-2.pdf"
        Imagebase:0x7ff7f3500000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:1
        Start time:10:43:26
        Start date:14/04/2025
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff75a3d0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:3
        Start time:10:43:28
        Start date:14/04/2025
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1588 --field-trial-handle=1568,i,3145564767506436672,6524665940325373675,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff75a3d0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        No disassembly