Edit tour

Windows Analysis Report
RamitBharanikumarResume (1).pdf

Overview

General Information

Sample name:	RamitBharanikumarResume (1).pdf
Analysis ID:	1670416
MD5:	13fe24fda47616cc75c94c531ebbe788
SHA1:	fe43f070078c059b2807b41d4fc643960293d5f3
SHA256:	58d6a3ebbab6bcdcfb690ab42599962f3f5eede353f1fdd74cdf99ace2d93ecc
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 8148 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\RamitBharanikumarResume (1).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7748 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 1020 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1568,i,16450863793001682819,4642200168295607468,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• System Summary
• Hooking and other Techniques for Hiding and Protection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean0.winPDF@16/41@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-21 11-57-44-390.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\RamitBharanikumarResume (1).pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1568,i,16450863793001682819,4642200168295607468,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1568,i,16450863793001682819,4642200168295607468,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: RamitBharanikumarResume (1).pdf	Initial sample: PDF keyword /JS count = 0
Source: RamitBharanikumarResume (1).pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: RamitBharanikumarResume (1).pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1670416
Start date and time:	2025-04-21 17:56:48 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	RamitBharanikumarResume (1).pdf
Detection:	CLEAN
Classification:	clean0.winPDF@16/41@0/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.194.100.185, 52.6.155.20, 3.233.129.217, 52.22.41.97, 3.219.243.226, 172.64.41.3, 162.159.61.3, 23.209.84.41, 23.209.84.25, 23.209.84.11, 23.209.84.77, 23.209.84.4, 23.209.84.12, 23.209.84.40, 23.209.84.63, 23.209.84.67, 23.209.84.31, 23.209.84.46, 23.209.84.83, 23.209.84.42, 184.29.183.29, 50.16.47.176, 23.202.56.131, 20.109.210.53, 23.194.102.106
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, c.pki.goog, storeedgefd.dsx.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2107721523386505
Encrypted:	false
SSDEEP:	6:iOR1SuM9+q2P92nKuAl9OmbnIFUtD1Q/JZmw91Q/9VkwO92nKuAl9OmbjLJ:7R1SuM4v4HAahFUtD1aJ/91aD5LHAaSJ
MD5:	C878B391AD7143D140F6AEBF9DE0BEDE
SHA1:	DD17C717D5CFEDD0E72351309178A0427C6E6470
SHA-256:	6D9DFCDB81AA10DC350374711FEB1F0A8C77EE9D41B29956A6A6FA0F3254E606
SHA-512:	8680A6C787779756D5C0E286E37E5CCDF58ECD5B5B25F858B716E969507C10164EC975071EE704A1107F8010E51FBAF44C30DC5F7EB928FDF8BB91797BDC6627
Malicious:	false
Reputation:	low
Preview:	2025/04/21-11:57:43.085 1e28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/21-11:57:43.087 1e28 Recovering log #3.2025/04/21-11:57:43.087 1e28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2107721523386505
Encrypted:	false
SSDEEP:	6:iOR1SuM9+q2P92nKuAl9OmbnIFUtD1Q/JZmw91Q/9VkwO92nKuAl9OmbjLJ:7R1SuM4v4HAahFUtD1aJ/91aD5LHAaSJ
MD5:	C878B391AD7143D140F6AEBF9DE0BEDE
SHA1:	DD17C717D5CFEDD0E72351309178A0427C6E6470
SHA-256:	6D9DFCDB81AA10DC350374711FEB1F0A8C77EE9D41B29956A6A6FA0F3254E606
SHA-512:	8680A6C787779756D5C0E286E37E5CCDF58ECD5B5B25F858B716E969507C10164EC975071EE704A1107F8010E51FBAF44C30DC5F7EB928FDF8BB91797BDC6627
Malicious:	false
Reputation:	low
Preview:	2025/04/21-11:57:43.085 1e28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/21-11:57:43.087 1e28 Recovering log #3.2025/04/21-11:57:43.087 1e28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.2330941474219435
Encrypted:	false
SSDEEP:	6:iORHT1N+q2P92nKuAl9Ombzo2jMGIFUtDEmZmw93yNVkwO92nKuAl9Ombzo2jMmd:7Rz1N+v4HAa8uFUtDEm/93CV5LHAa8RJ
MD5:	256087D653D629D6AA6C121BA8FC3A8A
SHA1:	78BD7E8698D1107363DE26D2F12D835D7C0C1DB3
SHA-256:	880D6AEBD521275B9DB349266D1D8546826378CF10B70F8035855937B99323B3
SHA-512:	A28D401EE7D345C2F7491A57FD03053F83203560A4B18EFAA73A01AA129A55606F4C8DB0BADBFDCFE74400F764F4B085F73E627E121CA0F97ED0E8FF390B9AD4
Malicious:	false
Reputation:	low
Preview:	2025/04/21-11:57:42.943 169c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/21-11:57:42.947 169c Recovering log #3.2025/04/21-11:57:42.948 169c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.2330941474219435
Encrypted:	false
SSDEEP:	6:iORHT1N+q2P92nKuAl9Ombzo2jMGIFUtDEmZmw93yNVkwO92nKuAl9Ombzo2jMmd:7Rz1N+v4HAa8uFUtDEm/93CV5LHAa8RJ
MD5:	256087D653D629D6AA6C121BA8FC3A8A
SHA1:	78BD7E8698D1107363DE26D2F12D835D7C0C1DB3
SHA-256:	880D6AEBD521275B9DB349266D1D8546826378CF10B70F8035855937B99323B3
SHA-512:	A28D401EE7D345C2F7491A57FD03053F83203560A4B18EFAA73A01AA129A55606F4C8DB0BADBFDCFE74400F764F4B085F73E627E121CA0F97ED0E8FF390B9AD4
Malicious:	false
Reputation:	low
Preview:	2025/04/21-11:57:42.943 169c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/21-11:57:42.947 169c Recovering log #3.2025/04/21-11:57:42.948 169c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\317253aa-6f61-4f3a-935e-54f507a64fff.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.050312824880371
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqFjsBdOg2HN2caq3QYiubxnP7E4T3OF+:Y2sRdsGkdMHNJ3QYhbxP7nbI+
MD5:	406C67870F6E6AE669371BBAAE225388
SHA1:	8711445D802A9AE4A2D375A848947B409070E2EA
SHA-256:	16D898AFE061076FF24D8B5FCC030B2CFB68A09967F765B92E64A23DB2D0EF9E
SHA-512:	789382B34EEFD647D28219B04BFB101500D4FF3503A5B781FE861E15FEAA485974664865830ED8E441BB99ABBD4620BB77D52954EDFB03FFE59C2FD6A5ECBB19
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389811073681022","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":141282},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.050312824880371
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqFjsBdOg2HN2caq3QYiubxnP7E4T3OF+:Y2sRdsGkdMHNJ3QYhbxP7nbI+
MD5:	406C67870F6E6AE669371BBAAE225388
SHA1:	8711445D802A9AE4A2D375A848947B409070E2EA
SHA-256:	16D898AFE061076FF24D8B5FCC030B2CFB68A09967F765B92E64A23DB2D0EF9E
SHA-512:	789382B34EEFD647D28219B04BFB101500D4FF3503A5B781FE861E15FEAA485974664865830ED8E441BB99ABBD4620BB77D52954EDFB03FFE59C2FD6A5ECBB19
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389811073681022","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":141282},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.245304186815169
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUZZ9I9Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLX
MD5:	B571D57CAD41831BF047A2F81E95CB46
SHA1:	AA5B2091384F4A270E10D3C3E8FDE94ACE8F5253
SHA-256:	579E2B5E86E0D676DFF0EAD8FB84209AC9EC4A386ECE245144146A55D6DA98DD
SHA-512:	4DB7A2275A4BFCE3642CB35DBE60DE6F02FE2A20C78B42FD13B50F3E39DF1EAF8B08270F6C6327ACE42AC0FD120F318F06E661CDE0AACEA445A874CAC0F757F8
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.245698603601513
Encrypted:	false
SSDEEP:	6:iORO3+q2P92nKuAl9OmbzNMxIFUtDtHZmw9KVkwO92nKuAl9OmbzNMFLJ:7Ra+v4HAa8jFUtDF/9KV5LHAa84J
MD5:	96DE7AD4917DBE8864F5CFE5639393AE
SHA1:	0E06A54261313952D682D01DA3DCFCEC8DE92E26
SHA-256:	457003E080D54EBDBA4152BB7C3BCE05F697A730EFA83361FE9627D4666A6AB1
SHA-512:	286CD77483703EF6AC1AE4B9DA89185D37C11E314100C7C1F9FE16E96E729A7D448D92F0271F463E906A517E7631B6296FF0792ACB08A668743E39C4AADD4A6C
Malicious:	false
Reputation:	low
Preview:	2025/04/21-11:57:43.174 169c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/21-11:57:43.179 169c Recovering log #3.2025/04/21-11:57:43.189 169c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.245698603601513
Encrypted:	false
SSDEEP:	6:iORO3+q2P92nKuAl9OmbzNMxIFUtDtHZmw9KVkwO92nKuAl9OmbzNMFLJ:7Ra+v4HAa8jFUtDF/9KV5LHAa84J
MD5:	96DE7AD4917DBE8864F5CFE5639393AE
SHA1:	0E06A54261313952D682D01DA3DCFCEC8DE92E26
SHA-256:	457003E080D54EBDBA4152BB7C3BCE05F697A730EFA83361FE9627D4666A6AB1
SHA-512:	286CD77483703EF6AC1AE4B9DA89185D37C11E314100C7C1F9FE16E96E729A7D448D92F0271F463E906A517E7631B6296FF0792ACB08A668743E39C4AADD4A6C
Malicious:	false
Reputation:	low
Preview:	2025/04/21-11:57:43.174 169c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/21-11:57:43.179 169c Recovering log #3.2025/04/21-11:57:43.189 169c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250421155746Z-186.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.4426740651671799
Encrypted:	false
SSDEEP:	96:4rDsujzKZaJhEMMMnM/IMIJgWO1+ILjJEa5gUxm/3cY0R5jnzRRMS9la4OB0qE1N:4rkfmI3q3Eyq7WzLVeEMXTrD
MD5:	3F5C22078B86A9AEF9C5D6F675CEF34E
SHA1:	F6B20A3FE30BC74584C4F6504BC2356164B56B24
SHA-256:	D03F88D90F44878DCA8FA885A1582395AE7B24F6C06ED65D916CD7464DE762C5
SHA-512:	3AE5521A316AF40D38F8652B9596793FBC5F4AF389B110F9B0A144EEC03C02E97D077174B2011E93BFFB6CB2B51F50E9E7B0A206A8C6EE6E3D459A7D34C2EB15
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1516

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.345939030147824
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJM3g98kUwPeUkwRe9:YvXKX5BHEOJHUYpW7TGMbLUkee9
MD5:	AF328E73C95155A9A70E084DD4822B81
SHA1:	285BF9262776952A58BFB6BDBF5DD0A6712830E5
SHA-256:	527897BF91206C8986170C52422D39269FA5468E0B88F4E5C8956498059B5D9B
SHA-512:	2CAFB322DEB956555D1EB882F36D0F83160DECA859853FFC12FE0C14741774979371210066469365EFA5924BDAAF1614C72809AB6F9C2E74E36933364D528604
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.287417721537083
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJfBoTfXpnrPeUkwRe9:YvXKX5BHEOJHUYpW7TGWTfXcUkee9
MD5:	23A53E70218DDC9418E7E09DEBE3FC98
SHA1:	F26BA6A3EBB8253F7202311949A9DBC06E11E477
SHA-256:	68B37FD043617C5AEEFB057CB7F4C2A930AF203AA9CEBC5CAB9C60756306AC69
SHA-512:	07A687DE5595526D18B8510F20696D4575FD5D9ED84A7275F46E47FBD74D221B455CFFB9121FF68E0B22A8CAFABA3A9E917315B227D1EEC2D6BEBCB83D7A263F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.264960919755706
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJfBD2G6UpnrPeUkwRe9:YvXKX5BHEOJHUYpW7TGR22cUkee9
MD5:	1ED68867AD0018A099262562ABA36C7E
SHA1:	F1147A179F0DAD24E4A027D226AD501B0C5BD508
SHA-256:	C658F39E0C80A4AE05776846057DD72ECBFE1F52C29A949E7FBF1679968F3047
SHA-512:	421588A627BAC5328BD6167B370FE80C876EF3768F35D7EAA68A6DC61101D4FA458F48AA7ED3210AF8A9D64A789EE4FC662E6CBBA0925F8DDEE9B78A2F8B068B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.324220526883537
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJfPmwrPeUkwRe9:YvXKX5BHEOJHUYpW7TGH56Ukee9
MD5:	1F4AFC38F66F703D1912D66093E41A79
SHA1:	8CC83E4847A94D9D7E71A42B70C9A4CF268E7E8A
SHA-256:	7FED03B71F3DC3DB20C2E2E0155916D1D4FBBBCC88BBA501775CDFF186DBD889
SHA-512:	940FC73E3BBF5C6762FA33E8476676DE91822BFE0F0CB38EAB53827C8127C99255D6FFED41A8A014A3FE2CC78F37A445DC19684F08C51E62A1DC5DA83247922C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2213
Entropy (8bit):	5.8411957094478355
Encrypted:	false
SSDEEP:	24:Yv6X5BkwliIpLgEGycjycR84b0nNFmerISIedJGWQxiEDtbpEsrAr3IAHlO25FEZ:YvuKIhgly48zFm/TWCt8KOP/nDi/V3
MD5:	6D4D2424500B62F739F61345F05B89A0
SHA1:	9D2869518DB4D60425DE99660B3B8095E0764A5B
SHA-256:	8A77AD51535D5FCB9687E916C121DE8298710253A4D2330F01B49F1126F6C3A6
SHA-512:	0768F288BD3093FBE7773A1D683BD1350BD8A7A55A5B834154076EF1279776D454ADAE2F4BFB424E3E551884E9615679432CBEA975FE3D73A85A2983F5F6F310
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.268901792343111
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJf8dPeUkwRe9:YvXKX5BHEOJHUYpW7TGU8Ukee9
MD5:	6E8BBEC3A01FB929A885CD2315FC5A74
SHA1:	007F2E720035299AE94B03F1B4D74F598518FAC4
SHA-256:	19590E9F03D20B89C01188DF62C7EBA8C741653E5B37A0392ABF58E221D4DCD2
SHA-512:	3D20B6F7E9B417BFC01F9DE40CAC8A0624C381AF2C17B593A04BAB718E97E72752152841F375BCCEE03DCA637CE7347AD048CFB4BD546F5C09E07FA5F8F9DD33
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.27135991679533
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJfQ1rPeUkwRe9:YvXKX5BHEOJHUYpW7TGY16Ukee9
MD5:	EE393967A3AE8C494A8AD4BA0289A7CA
SHA1:	A10567B1DE239C22352C754A74BA7C32374A385E
SHA-256:	AD61F865F3B4A38E177C9A04330D8E962633CD20072BF98A02FFCAFBA5F9CF6F
SHA-512:	B7C78DF87C5933B9719F23C34F5D7526E645BE7298290BAA06E31847D84630E951B2382C64467D2E26B63B0D3B7EAA820515CC9892BC3001ECE138E3515CDE7E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2160
Entropy (8bit):	5.826295128480155
Encrypted:	false
SSDEEP:	48:YvuKHogbN48uOQ/GiyL4TwKOkQJi+ohJ3:Gqg54nf/IQOkQJiFf
MD5:	BB578ABCEA716C2E5C80B21EAE4F5CF3
SHA1:	F2E23A911394148F4B55D09697A7CCB2A189D156
SHA-256:	2BBF846B7FD2F065158019A53E4439FC9F118A17B29B8E8DFEAEFBD419142899
SHA-512:	419D32DBA3EDD735DE303A77B28829FDD21F96CA3135A0896273D609D08BC8269C16F7B5C155CA0C5FF3B0F5FE93E6CB4F0651F3F2D85E9424F7C1E194B00B6B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.297210287196239
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJfzdPeUkwRe9:YvXKX5BHEOJHUYpW7TGb8Ukee9
MD5:	AD3A1A5A276637FF5DEB48199F822424
SHA1:	492F6461E30F04DF67C3FF53E79B673B12573AAB
SHA-256:	8744CD1865B8AEAD450522CA3C58362187005CAF1FDF6095E1F0506B2897244E
SHA-512:	F8DEC0D11D020FAD3C764DACCF84233E6D0B2A7604DCBFFD5F8105AA07DFE1FBB90D19450A4D83EA6EB53B4F3392BAD4B405783F031F905AA9E6B491FF6E5919
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.277934436251169
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJfYdPeUkwRe9:YvXKX5BHEOJHUYpW7TGg8Ukee9
MD5:	CBBADA9F24E0B99E2240D87E285D52FB
SHA1:	F5A1CF9EC8A650DC37F40BA635352FA9AEABF314
SHA-256:	A058DFA14D1243DBE4F567A261E4823DD1C2BA4A48D022A208592BD72100C00D
SHA-512:	5DFD2D0B6A3C8D657ABF7F377AA8CFEB012BF498C94DF69D910120E7C7B9E8B6AC5B3C601943BB0E68FFE735BC24D873A4AAB81B2D09D71A2855424C3CBDB5AB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.263278629305987
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJf+dPeUkwRe9:YvXKX5BHEOJHUYpW7TG28Ukee9
MD5:	0F0EE057F295BAA1AEF6842BA77232B8
SHA1:	30B43394A0866B935448CF35B7C6091CAC75B997
SHA-256:	83C6FBEBF58A820E6640896BD86E5F698883144ABFC04C7AACC43AE672E9FDC6
SHA-512:	5C8F6B7E7988D03BD688ADDD04BD066908F61DA07C7B22A9C7C5E9CD99C0D99277C48C541D2E3946D88E26EC3EFC29F7F9A86D3F801FF98FA6C9E113BE5B256B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.26163318728413
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJfbPtdPeUkwRe9:YvXKX5BHEOJHUYpW7TGDV8Ukee9
MD5:	D66D2C1BB681CB1CE787D1D8BB00DB76
SHA1:	45F4E492891D4347A710A55C14D91D6DA57E27D0
SHA-256:	C66218D7ED5FB77FDC86617DD05B940D28B61BEE43A5878C777095A1AA425D7D
SHA-512:	7C473C8F6ED7B0F482350B7A3CF12C489FBB2FDC9286F2A111B1D6744A94C5A186EF77929CC2DA01623384355DC411951AEF10B35846B6629C2B574813D510A7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.263576262966971
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJf21rPeUkwRe9:YvXKX5BHEOJHUYpW7TG+16Ukee9
MD5:	D2721A2BB469B710B32C081F99227FA2
SHA1:	78B8B55F65EB327F282F9458404E057BE479340C
SHA-256:	4989A529211A79EB2E86FCBB6B45315774B9EFD660EFBC92EE6E26E8CDD66377
SHA-512:	69001C1EF5F71D4AA4DB5A7C12F852FEE37324C0A5691110CC50AA81AC60507EAB2A9F30AD4122AF2A8A9A57C3B785585CD20A786FC2AE7A8FAADD58D6B03531
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2112
Entropy (8bit):	5.844584265798472
Encrypted:	false
SSDEEP:	24:Yv6X5Bkwli8amXayLgEdycgNaLcR84brvXJkoerISIQ1iyLVFgKy1N8IAHlOBJED:YvuKaBgBG48kJko/SiyL4T0AFDA/V3
MD5:	30F5ED6E36417F463BB3B746E703E438
SHA1:	6522FE99CF2070DC22D9775BEF0083E4B4B9773A
SHA-256:	9299AA14CD59B17048715319150B0620CAA0C54B4F9562F4A098369F4F95A2F9
SHA-512:	DAEBC14BDE8FFD137262141EB9AF301689F671E08AB921B1C16A964A326D1652ECDA491435B4FBC153B5D441EDE101680544475A8165A7FCD21B2D12594C8169
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.236926135416585
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJfshHHrPeUkwRe9:YvXKX5BHEOJHUYpW7TGUUUkee9
MD5:	2710F901841910634F072ACA81CC8F62
SHA1:	289FA8D8454688E6AC3CD880D2DECB7D12B11150
SHA-256:	975C21D8AE0FC51BC674A516557BC6BC70510CA05DDFBAAEE01C6CB667C1C8A2
SHA-512:	A3BAD44A7F6035C363024342681206F85B9FE249448771E1D0EDF50C867EEFD9608DA31C332DD50EFC0B6588A403D70C0809BBD3446C194793CDE80D20F323FE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.251199962141687
Encrypted:	false
SSDEEP:	6:YEQXJ2HX562MGErMpJHx+FIbRI6XVW7+0YuUoAvJTqgFCrPeUkwRe9:YvXKX5BHEOJHUYpW7TGTq16Ukee9
MD5:	E00673073770A127ABEC840DFE4C9B83
SHA1:	9B119E82EB4B3785DD7899D32C757D411C0D20C4
SHA-256:	4ED33F5497EA1BC280CE2B87A3B989C6D49117A7E4976F427BE96D49C4B6F5FF
SHA-512:	309F5BD4DF631B6CDF39341DDACD9C832A3E2BC55D32733E5F4DFD602A793A893F59EC35EFC05B6B61A3C7FDD9EC9C02C4A9395329EED4FDA0299F72267A6781
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b85d67bb-ba73-4943-bbca-ca5a51b291cd","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745424380688,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.12831739828353
Encrypted:	false
SSDEEP:	48:YJ+V9AadMjYHVPLBJ54XKzVRkeHl6vNG9J:fMadN1PLBJdjHlmNMJ
MD5:	D7B0E00F54FC0573CB2CE5FCA766544A
SHA1:	519D3E61AA56DBC129D9CF9833D8EE101830E31D
SHA-256:	9051FB8F1FD39816A6CF4FC05B41CE6913DBBE65AD67963FB1586607733BD3E9
SHA-512:	F996F7EB6227F33085FA1F9E645A4ADED4C23C493E27BA01186D78F7EAF840BD68C3B1B81BF440CD69EE8FABEBA9048181AD1F1BB2CA0D6370004EC619E96061
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"c2ee3a0e59d7478d4e462a7bfba40d7e","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1745251070000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"3f210af413eb419b697ac67ef39f6cdb","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1745251070000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"9e49abf9a59c1e30d9c2f091fc1519b0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1745251070000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"4281654473d81e797ae7755013977fcd","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1745251070000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a8a827b71378e9f20b365cc58a084ebe","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1745251070000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"56603310a70bf85a2bfe630d20df14a7","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9859482106270373
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sps4zJwtNBwtNbRZ6bRZ4ZF:TVl2GL7ms6ggOVpXzutYtp6PG
MD5:	F700FCE06B1524B67A8A2643DFCE0EB2
SHA1:	EF68464C5CE4583E46DE4E39739AE79F770A199A
SHA-256:	FFEFC9D22470177E9E38BF0DCFFE4A9CF7654FA95909C029E9C36226CABFE1A7
SHA-512:	3D9318ADEE7E3D2958606CA2176ABFB5FBB74FCE45A7DFD072A1C840B86CED18D6D2CFFC80EBD9AAA3C64E33ADDBC8EFC97D2D7D91C60E44EE8F700B3D43C00E
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3368454739567517
Encrypted:	false
SSDEEP:	24:7+taAD1RZKHs/Ds/SpsPzJwtNBwtNbRZ6bRZWf1RZKuqLBx/XYKQvGJF7ursV:7MaGgOVpQzutYtp6PMvqll2GL7msV
MD5:	C2BCA4C0AEC250BCA9B2E0BD474CCCD0
SHA1:	0B75D00C69D53BA833C63BBACE4ED7D6E679DF56
SHA-256:	60C9201D081169D454C51B73DED4F39AF252CBB20F6185341A607E41632B8966
SHA-512:	04B0BC38BA9CC79B62A445C9E398857228DE73FC35DA66FCCD3D5DA67D42645AE015704A742306DF0D2B5B89A37590282F4F3B61F11D1841AD0D8324C5710442
Malicious:	false
Preview:	.... .c.....mK43......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI25041.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5193370621730837
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K86ClEpN9:Qw946cPbiOxDlbYnuRKfpH
MD5:	A22DBD26A8341E99C1D017161745BEAF
SHA1:	3121D2532F3D5C4128DCC939728A25F122BA3424
SHA-256:	D1FEA20F53949A789D777C7064DF95E27FB91B869CBD7A976BA1596DFF458EEC
SHA-512:	E6F66D8C7D1FC2CC627FB688E3EF8ADA2BDADE4954D62A760BC0B09F4944B1799713A05D17EA548D08A2A8A7793F53EE1EB659F7C6EC494FE681C94F47AB5972
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.1./.0.4./.2.0.2.5. . .1.1.:.5.7.:.4.9. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-21 11-57-44-390.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.328579233521904
Encrypted:	false
SSDEEP:	384:ejBqyNyF3afHwIyPhr6vwTrOqBEJ7QQzL4PrdFCT3InLF4MnVsyd9dZcxOM6HCan:PCst
MD5:	45AC94DB4464D7073E07D33C886C05C5
SHA1:	9E5140907B67762B6DEA945D8E90D9C1CB5C985F
SHA-256:	A375D1606EA9400C1ED813506529E3412DAD281558EB5A769ABCD2DFE5303145
SHA-512:	9F0B46225E09730E9B3B960B7385447D637D03B8C3EB7E08D3971626354C4466E9EF7AE2C4D17FD77C7C8B1B81583C52B593BDE9D2C2DCBCAF4863C271C1A950
Malicious:	false
Preview:	SessionID=bc2b2796-5c29-4716-aeaf-fa7dca591e18.1745251064425 Timestamp=2025-04-21T11:57:44:425-0400 ThreadID=8200 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=bc2b2796-5c29-4716-aeaf-fa7dca591e18.1745251064425 Timestamp=2025-04-21T11:57:44:427-0400 ThreadID=8200 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=bc2b2796-5c29-4716-aeaf-fa7dca591e18.1745251064425 Timestamp=2025-04-21T11:57:44:427-0400 ThreadID=8200 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=bc2b2796-5c29-4716-aeaf-fa7dca591e18.1745251064425 Timestamp=2025-04-21T11:57:44:427-0400 ThreadID=8200 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=bc2b2796-5c29-4716-aeaf-fa7dca591e18.1745251064425 Timestamp=2025-04-21T11:57:44:428-0400 ThreadID=8200 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.3980239736932765
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbk:w
MD5:	5DAE2AB20161E63F25E69142E9DA1920
SHA1:	EBFC859CA93679D829EFF50409BFF69F484209D8
SHA-256:	2D83A509F6D149984714F62DFE3F12005EC0F0A8FCBD24A173E9F68604592DAA
SHA-512:	D9F229EF48C93F8999753A9FD5B0BBE1A9763435FD0F275C3797638696790BE50AB62AF40D751C40CA84DBC039437C5E2BD09F3AE482024EE11ED75E40F16C3B
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\7e57c9ad-24ac-43f1-81fe-10b3240b1b7a.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/YkwYIGNPQbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oXGZd:DwZG2b3mlind9i4ufFXpAXkrfUs0qWLk
MD5:	38ED8E7B44D526DDA0F3E7608AF1AFA1
SHA1:	45E30A6789382E29AC870CCF92B514FB95742C45
SHA-256:	7B277E2332AE55A014D8C37CCC879D165E33315437F6197BEB153CD75E4EFBBF
SHA-512:	7169B1E4B2895A91FA0FBE4297CB70BE56D733084653334BB4E8421382F8F761DAD11B5D87277E0286A7C16CB53A2C79F96BB45F433D776E82A7CF45EA25121C
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\cfa5fcfd-23e7-4a0f-857e-63ba6443187d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/rwYIGNP4mOWL07oBGZSdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:TwZG6bWLxBGZS3mlind9i4ufFXpAXkrj
MD5:	4EAEE53509167AAEE3B27D9846E76878
SHA1:	D18F9064065AF57C2E46284112594989BE66A6D0
SHA-256:	147DF04B545EB05724AAD0D90624527352C79C477F5DD188B5AEB15B485FC139
SHA-512:	35D5D521D529F5AB7FB7B09871D62A8150D26A7E4040503B52726D82A4B514F56EAF035CF5B2C629AE8D8B86BC1FBA35CCD8F09351FE335645E15AFAB0EF23E3
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\cfad5c72-dd4a-4c14-93f0-33ceb6737ca8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\e5be7888-3a60-466f-aa9a-53a039a53e5a.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.5
Entropy (8bit):	7.989149853562126
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	RamitBharanikumarResume (1).pdf
File size:	82'481 bytes
MD5:	13fe24fda47616cc75c94c531ebbe788
SHA1:	fe43f070078c059b2807b41d4fc643960293d5f3
SHA256:	58d6a3ebbab6bcdcfb690ab42599962f3f5eede353f1fdd74cdf99ace2d93ecc
SHA512:	c65c53f571fdc05ec27bea4d97d1f1a6836b2bddd432bcb102402b1975c0bdc4b2c095379c938e93f53a539adad6d8d931a140f98de31ac47ae66265a54442e3
SSDEEP:	1536:jgJ4J+nBOjmJudu6nAfCNr/BcwSAhULihs5hLDxLuvSpy:Yuo4rtOwzhUcsv1Xpy
TLSH:	A08302C6990C1C66EC4FC9BE9D156F217BD744F3C5713616388FB9CF271058AAA208DA
File Content Preview:	%PDF-1.5.%.....5 0 obj.<< /Linearized 1 /L 82481 /H [ 791 147 ] /O 9 /E 79113 /N 2 /T 82185 >>.endobj. .6 0 obj.<< /Type /XRef /Length 63 /Filt

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.5
Total Entropy:	7.989150
Total Bytes:	82481
Stream Entropy:	7.997036
Stream Bytes:	80136
Entropy outside Streams:	4.772645
Bytes outside Streams:	2345
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	16
endobj	16
stream	11
endstream	11
xref	0
trailer	0
startxref	1
/Page	2
/Encrypt	0
/ObjStm	1
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

⊘No network behavior found

Statistics

Click to jump to process

Memory Usage

• Acrobat.exe
• AcroCEF.exe
• AcroCEF.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Behavior

• Acrobat.exe
• AcroCEF.exe
• AcroCEF.exe

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 8148, Parent PID: 3084

Function Logs

General

Target ID:	0
Start time:	11:57:40
Start date:	21/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\RamitBharanikumarResume (1).pdf"
Imagebase:	0x7ff783030000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

File Opened

File Created

File Moved

File Read

Other File Operations

Volume Information Queried

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Key Created

Key Deleted

Key Value Created

Key Value Deleted

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Execution Resumed

Thread Terminated

Thread Information Set

Show Windows behavior

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

Show Windows behavior

System Activities

System Information Queried

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

Window Created

Window UI Found

Window UI Enumerated

Show Windows behavior

Process Token Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7748, Parent PID: 8148

Function Logs

General

Target ID:	1
Start time:	11:57:41
Start date:	21/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff7f5260000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

File Opened

File Read

Other File Operations

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Information Set

Process Terminated

Show Windows behavior

Thread Activities

Thread Created

Thread Terminated

Thread Information Set

Show Windows behavior

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 1020, Parent PID: 7748

Function Logs

General

Target ID:	2
Start time:	11:57:42
Start date:	21/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1568,i,16450863793001682819,4642200168295607468,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff7f5260000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report RamitBharanikumarResume (1).pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\317253aa-6f61-4f3a-935e-54f507a64fff.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250421155746Z-186.bmp

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1516

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI25041.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-21 11-57-44-390.log

Windows Analysis Report
RamitBharanikumarResume (1).pdf