Edit tour

Windows Analysis Report
HVT2025_410969.pdf

Overview

General Information

Sample name:	HVT2025_410969.pdf
Analysis ID:	1672200
MD5:	48b4d49c07645a196013979df815a56a
SHA1:	1422486f0d9863876797d05915b044e501a6d38d
SHA256:	86231dadcde551ecc69fb44cc7506404aa3b6c5ca85080b179238aa1e3dd79b4
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7036 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\HVT2025_410969.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 8016 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 8308 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2236 --field-trial-handle=1568,i,16431447686442116659,9203199988206534024,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• System Summary
• Hooking and other Techniques for Hiding and Protection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean0.winPDF@15/41@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6324

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-23 11-17-18-148.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\HVT2025_410969.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2236 --field-trial-handle=1568,i,16431447686442116659,9203199988206534024,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2236 --field-trial-handle=1568,i,16431447686442116659,9203199988206534024,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: HVT2025_410969.pdf	Initial sample: PDF keyword /JS count = 0
Source: HVT2025_410969.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: HVT2025_410969.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1672200
Start date and time:	2025-04-23 17:16:21 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	HVT2025_410969.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@15/41@0/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.29.183.29, 23.194.100.185, 52.22.41.97, 3.219.243.226, 3.233.129.217, 52.6.155.20, 172.64.41.3, 162.159.61.3, 23.209.84.50, 23.209.84.76, 23.209.84.41, 23.209.84.58, 23.209.84.70, 23.209.84.64, 23.209.84.51, 23.209.84.40, 23.209.84.32, 23.209.84.42, 23.209.84.45, 23.209.84.77, 23.209.84.16, 23.209.84.12, 23.209.84.11, 23.202.56.131, 20.109.210.53
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com, ax-ring.msedge.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, prod.fs.microsoft.com.akadns.net, geo2.adobe.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2222942349241945
Encrypted:	false
SSDEEP:	6:iOR918+q2P92nKuAl9OmbnIFUtD913W5Zmw9913WtVkwO92nKuAl9OmbjLJ:7R91Bv4HAahFUtD913q/9913W5LHAaSJ
MD5:	CF98BA5585F52D4BFE573D203BD6F180
SHA1:	15F73E7A72876BAFC7369D394F902009792BD106
SHA-256:	629B8B261982A3B96CA12DB7E3436F142CFD2BAAD003C57FE9DB79E2B5600893
SHA-512:	FFFC49AE44C8A7FFF9508B0B5EC9547197E13EB2577D1ACA64931D8F6F6DC325C33ED3B85883C68BB6E28F8A34939130952362B61445A7371AA4E985512D8C00
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:17:16.221 15f8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/23-11:17:16.223 15f8 Recovering log #3.2025/04/23-11:17:16.223 15f8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2222942349241945
Encrypted:	false
SSDEEP:	6:iOR918+q2P92nKuAl9OmbnIFUtD913W5Zmw9913WtVkwO92nKuAl9OmbjLJ:7R91Bv4HAahFUtD913q/9913W5LHAaSJ
MD5:	CF98BA5585F52D4BFE573D203BD6F180
SHA1:	15F73E7A72876BAFC7369D394F902009792BD106
SHA-256:	629B8B261982A3B96CA12DB7E3436F142CFD2BAAD003C57FE9DB79E2B5600893
SHA-512:	FFFC49AE44C8A7FFF9508B0B5EC9547197E13EB2577D1ACA64931D8F6F6DC325C33ED3B85883C68BB6E28F8A34939130952362B61445A7371AA4E985512D8C00
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:17:16.221 15f8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/23-11:17:16.223 15f8 Recovering log #3.2025/04/23-11:17:16.223 15f8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.183808685710416
Encrypted:	false
SSDEEP:	6:iOR91MXjM+q2P92nKuAl9Ombzo2jMGIFUtD91MdAZmw991MzMMVkwO92nKuAl9OU:7R916M+v4HAa8uFUtD91cA/991yMMV5c
MD5:	0964062CF5688DFC8A9A295202C7E70A
SHA1:	EC5B5AB03B0DA31833FF373C2BC4070DD82D8F8E
SHA-256:	023D35754A23F7664D5B4F7D2BDEDEF5274565B93CD2D652E2E6366AF926E433
SHA-512:	0A04034018A15511492B08942ED39518831F5EC37A5AA099DD9E258E05DD69B1B57DA883B7181C46B8CB1FDEFBA1D4701DB80BB6EF1A0D76285F3375F5A7781D
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:17:16.102 208c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/23-11:17:16.108 208c Recovering log #3.2025/04/23-11:17:16.109 208c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.183808685710416
Encrypted:	false
SSDEEP:	6:iOR91MXjM+q2P92nKuAl9Ombzo2jMGIFUtD91MdAZmw991MzMMVkwO92nKuAl9OU:7R916M+v4HAa8uFUtD91cA/991yMMV5c
MD5:	0964062CF5688DFC8A9A295202C7E70A
SHA1:	EC5B5AB03B0DA31833FF373C2BC4070DD82D8F8E
SHA-256:	023D35754A23F7664D5B4F7D2BDEDEF5274565B93CD2D652E2E6366AF926E433
SHA-512:	0A04034018A15511492B08942ED39518831F5EC37A5AA099DD9E258E05DD69B1B57DA883B7181C46B8CB1FDEFBA1D4701DB80BB6EF1A0D76285F3375F5A7781D
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:17:16.102 208c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/23-11:17:16.108 208c Recovering log #3.2025/04/23-11:17:16.109 208c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9fc53497-2d42-40f5-b65e-075e14c4a7c0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.053449887957996
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqbsBdOg2Hecaq3QYiubxnP7E4T3OF+:Y2sRdsVdMHh3QYhbxP7nbI+
MD5:	2AB2C56880422D348CED04D11EDFD9D7
SHA1:	3F3813FB59922A1B9469A7EE814ADD6CB763CBD3
SHA-256:	A048CB91CF6C01457A38F13CCE9D4C75A7C7F659CD1F734C8C7A2252A2711D48
SHA-512:	B3E44DF2E0394135A7D917F2B9BF52F299975D5C39BB2B7E9230ED01452844A82D1D44ED0349B0AF00926F9D60D0C0910A716CAC73D266B4ADC054986878AC91
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389981447075149","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":141330},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.053449887957996
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqbsBdOg2Hecaq3QYiubxnP7E4T3OF+:Y2sRdsVdMHh3QYhbxP7nbI+
MD5:	2AB2C56880422D348CED04D11EDFD9D7
SHA1:	3F3813FB59922A1B9469A7EE814ADD6CB763CBD3
SHA-256:	A048CB91CF6C01457A38F13CCE9D4C75A7C7F659CD1F734C8C7A2252A2711D48
SHA-512:	B3E44DF2E0394135A7D917F2B9BF52F299975D5C39BB2B7E9230ED01452844A82D1D44ED0349B0AF00926F9D60D0C0910A716CAC73D266B4ADC054986878AC91
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389981447075149","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":141330},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.229720341588147
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUxh8ZfVXWHZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLQ
MD5:	00137CE77A67D9339AD153C016988C90
SHA1:	A7A43AE1D60B30A91E1623A0F1165CAC8BC8321F
SHA-256:	E10F51B2FE2BD7751B26677D5835A0D37E25ADC952B2A63C1F877C2FA9BE293D
SHA-512:	F588C1C35C19424D867EBF65CA239B43AE40DE52BBD97FE928010BCB4BCC9FCD379F9FA70D60D9E6215471CF59AA306056269D00ECC8680FC84692BA33BDAE6B
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.213176211810946
Encrypted:	false
SSDEEP:	6:iOR91SM+q2P92nKuAl9OmbzNMxIFUtD91HAZmw991C3SMMVkwO92nKuAl9OmbzNq:7R91SM+v4HAa8jFUtD91g/991apMV5Lv
MD5:	67B7865F90B4703ACBE06F67753DA417
SHA1:	F80601090229EB9A9DB979DFB6CD253532768837
SHA-256:	BB3454DC1D35B6CF20F4A23A19A2EFF05AFF51F7C7684F43B4DE8D9443C29474
SHA-512:	538278C6CCAE01D4345FD39817E38BF47A27BEF8E09CB7752152BFFB856ABD657DE5DDAEC363B956150AD87BCEE11E563BC79AF5E01FDC68FE842A15054DAC11
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:17:16.278 208c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/23-11:17:16.280 208c Recovering log #3.2025/04/23-11:17:16.294 208c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.213176211810946
Encrypted:	false
SSDEEP:	6:iOR91SM+q2P92nKuAl9OmbzNMxIFUtD91HAZmw991C3SMMVkwO92nKuAl9OmbzNq:7R91SM+v4HAa8jFUtD91g/991apMV5Lv
MD5:	67B7865F90B4703ACBE06F67753DA417
SHA1:	F80601090229EB9A9DB979DFB6CD253532768837
SHA-256:	BB3454DC1D35B6CF20F4A23A19A2EFF05AFF51F7C7684F43B4DE8D9443C29474
SHA-512:	538278C6CCAE01D4345FD39817E38BF47A27BEF8E09CB7752152BFFB856ABD657DE5DDAEC363B956150AD87BCEE11E563BC79AF5E01FDC68FE842A15054DAC11
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:17:16.278 208c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/23-11:17:16.280 208c Recovering log #3.2025/04/23-11:17:16.294 208c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250423151719Z-174.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.9699680306922118
Encrypted:	false
SSDEEP:	96:0+7ovHtaIf2Vha0jQkoGNTyuAl8BhEtvSHmCCF1S3M8dP:0+7ovHtaIf2VdjQkoG8hl8DyvGm9FgR
MD5:	8703CF4EF1CD9C05F3E40BD9CC771891
SHA1:	98A74129986D657F9BCE5E8E82255B1AA40FF4BA
SHA-256:	C98D1B118ED2C2D8FBC3B19D181480AF2478C429910CF787D4F81597D60003E7
SHA-512:	CE9279F3F0AE69EF6C7F1E78414B9C02672A8E2FEE96FF801A186BB9BF909361636322241C3897AD7058969099E6AD9992CF22CB7AE5F9835E66C7F067BDAEAF
Malicious:	false
Reputation:	low
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6324

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	high, very likely benign file
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.348345648531524
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJM3g98kUwPeUkwRe9:YvXKXrVYpW78qGMbLUkee9
MD5:	74622E13827C68EF6C90C330C185CF94
SHA1:	6861E373F1DD0B867D8208E4F6F38521EA96EDD8
SHA-256:	25B6E8AE11BE79E14890128094CF21E83545D15EEF39FFA59D7BEF75BCB5F0D9
SHA-512:	664870FA3F8D72A3DCFFCCC50401C6D3FD1474998A731E3814DB02679FD14D07A9749FA5C84F95EB0EB3BC93606E0DAA3B4EECF577F69CB63528EECF153F5823
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.286530448885763
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJfBoTfXpnrPeUkwRe9:YvXKXrVYpW78qGWTfXcUkee9
MD5:	C9A390C5D247EF3D4D9FFFE96D084C01
SHA1:	7EA74636F9BAABC33EB9BD3FB6E71257AC57FC97
SHA-256:	2775603B0B1CAE2E511875ECA4D6F2E557CDC3FD558A13FB214C3B2E6BC4CCF3
SHA-512:	1F611D9540FA27A71B9DDD61C7E25202F97661AF1B951C2DEE76DBE35DDB783073C79CAEF322005C554427C5A80AAF41777C82148AAB0A8C4037031B77C31CE5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.264380542462833
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJfBD2G6UpnrPeUkwRe9:YvXKXrVYpW78qGR22cUkee9
MD5:	038E32029EE35DEC0D4C5444B3C2865A
SHA1:	5157997358BB304E99A113A748E7A4D7F7600833
SHA-256:	AD685F6DE7FA8954328FA50598912A146D170B83A834E544B288A53A0FEBAE25
SHA-512:	6AB7E7EA712B824D5089FA94DB0C5BB1EEFB4FC0685BFBC55E15C845AEE3B87D04ADC1AA49A41F00F1C4647BE6BFA1BC618F23DE06FD263223CC74625A28F923
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.326711588017541
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJfPmwrPeUkwRe9:YvXKXrVYpW78qGH56Ukee9
MD5:	4358B7CE439BC44EE4E946FF1826BC2F
SHA1:	5D8F9DE5F0FEE20F49B515B3D803FBA4FE74B21F
SHA-256:	9595DD2D5D0076B6D44CF5883575E12C2FC561D0272CEFEEC7F92AF874E7BAB6
SHA-512:	1C50D1CA6979321E3773611E064F3C2B650E68FB955E3D2DB0180E9E8AC4EFA7409EA8F70AA5573083E0C05CEE26FE4BD14B3731CB3BBB040C256DFA0206A1C2
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2213
Entropy (8bit):	5.841792348579316
Encrypted:	false
SSDEEP:	24:Yv6XreiipLgEGycjycR84b0nNFmerISIedJGWQxiEDtbpEsrAr3IAHlO25FEEDiw:Yvg5ihgly48zFm/TWCt8KOP/nDi/Vu
MD5:	9209B8D0B83A68FBE142F88A5FE7957E
SHA1:	E2E14E2B9370BC29B42515D03BD5E63D2C4F3AF5
SHA-256:	114D84B6DBBA893C5C3210B01FC75517D0029B7CC1D62F27CEFC5EB73954D1AC
SHA-512:	BA7B68505F471A027B21F8B5AAC06DF113D0562E4FD52B455BAD392174CEEF34494051B3D2C05F76D3B3DBB2BC04D1EBCCBAB0C936A98E2A337DAD3C775CCDB5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2708553636673665
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJf8dPeUkwRe9:YvXKXrVYpW78qGU8Ukee9
MD5:	7F7F39A04F6154F55211365AB441A49B
SHA1:	D40E5505C95FCD81569A6DBB1B55F311969C6D7A
SHA-256:	452663BA36C99EF66F20D1BFF3205649299F5CA9EED8BBBACAFB6C97386709CB
SHA-512:	1BDA9DF6DF9A6AE5C8072122B3D81D983F3FF76CED73062D995966E47A6974EDCDD9D2967D9E97D81140B68A377F84EB705AD3E35420569E9A6C766B94763CEA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.272709793071238
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJfQ1rPeUkwRe9:YvXKXrVYpW78qGY16Ukee9
MD5:	9DF833D4A03BC94C6462221707025D7F
SHA1:	9A73E7BEFEE108DC126F883E4716EED73BFA9167
SHA-256:	727813E175E2DFA31258181D58826FDE84DCCC47BAC438FCCF645D13CBAB88A3
SHA-512:	69DF9016FBF76AB47F459E7D070E706D60D2EF91634436C9DB979E4AA38360D338AC7FA09D8514EE5DD5F95306BBE242977E7B2DE5936D2D3DD110E8763DFEAD
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2160
Entropy (8bit):	5.824252725158797
Encrypted:	false
SSDEEP:	48:Yvg5pogbN48uOQ/GiyL4TwKOkQJi+ohJu:GgUg54nf/IQOkQJiF2
MD5:	08581F53D954FBD13205C942EF5800BE
SHA1:	514F06C4FE8E68915159646E083C481A602923C3
SHA-256:	8E77A48E1677B9596AC542083E78AF4C0040FCF46EF68634D5369244199946FD
SHA-512:	6BE18AAF50AA83EDB38850E10BC36EEF27C793E6DA0C345D1694C28D08E4A5EA7F8ED21256F5A9E81ED363C02A686DE3DFA02D65239E16DEF54FA3AFF66A73FF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.299075783095151
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJfzdPeUkwRe9:YvXKXrVYpW78qGb8Ukee9
MD5:	ED47A148A0B0CFD0532B56F3E6FDAB1F
SHA1:	1788FF75F488ADEC5884D8E9DE9DEFB5990195FF
SHA-256:	C73CA29154579ACBEDDBE07678BBDF667DB6EBF94C319E16004352B18FD0A7A5
SHA-512:	F451B45F40A5E9F2EB575CEFC6A8EABA501AE82FE9D66B42F78462E9EE3822068EA84E2CDEB7A6F660B620D0A44FB0E898D661A56B6B50A112A8C738360CEF84
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.279575802608699
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJfYdPeUkwRe9:YvXKXrVYpW78qGg8Ukee9
MD5:	E00E4957203A0A6AD334CF0C0463A9B5
SHA1:	E3CC8814A966248659A4573B42130D52DC0D01C0
SHA-256:	A170A4DE0FF460D39744FEF2AE284750E4AB980A211751147AF812E57DFEE0C5
SHA-512:	F8C4E79853082AB46878F30F30AFE7E9251D4EB29E6D3574F8FA6DD080A3606C539DD434DF5A980A891189F3E9D322179B39E244253422F015957F0E1A42C997
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.265266594491585
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJf+dPeUkwRe9:YvXKXrVYpW78qG28Ukee9
MD5:	C3B673E7000790720A1DBB6862704E39
SHA1:	0629F533F7E05F0AA474ADD98AE61419196FDF9E
SHA-256:	4BD9D9444B3E2D980123DE73CAE458C1A69FF7AF0893737B5C259BB0CD711B84
SHA-512:	2303C70084B2ECDD467D06F4DCC102CA1BAA86554C7A71F57CD3D42DBA67E0B13227CD9285949E9B7A4588884B09CA090F38A4D252FEF488514EC8D138F2EA21
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.263263272773224
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJfbPtdPeUkwRe9:YvXKXrVYpW78qGDV8Ukee9
MD5:	4374D5420BAA2A7957FA65BA85A3FD75
SHA1:	704FE89BFFEA0737FF94153DD9BA57E9734DE9F0
SHA-256:	B4E4A708280DCA2C7B0225AADA89CBC969D1929B293281BF52271A0DD6F45F3A
SHA-512:	8B0E28DD8786BFF4989E22BB3B28006752D67805F06A0BBAFEF0B7C698ED92D13E64DE72F9FEC35BFD0C994096349C0E32953C0C9EF12FD07C757B1DDF2DFFEC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.264949656251171
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJf21rPeUkwRe9:YvXKXrVYpW78qG+16Ukee9
MD5:	0D511A6726F4E1A1B8E0CAA4CF4F07D1
SHA1:	31F87C29C164E04DE0652FC24603934183453626
SHA-256:	0F496186AAEFB7E1E851A4E130C427A15D2E98614ED1567E0797F2DC54C0D852
SHA-512:	B8666A16BCE7C48698DAFCD63AB86558104DF179FD185D0DE481A5DD91A2861B79B35F00AE8832288B7546FA447255B628AA3BB44E973AD97F649915D67C36B8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2112
Entropy (8bit):	5.845220147251687
Encrypted:	false
SSDEEP:	24:Yv6Xrei+amXayLgEdycgNaLcR84brvXJkoerISIQ1iyLVFgKy1N8IAHlOBJEEDYC:Yvg5ABgBG48kJko/SiyL4T0AFDA/Vu
MD5:	1539F3B14F11D45C2947BF1CA05C6A29
SHA1:	757A8372AC4D9A3F9235F2666E5161D1B61D2028
SHA-256:	2706BE1459DFBBA9E9714DD5D77833A062E004200DFCBBEAE13F7AA05DD41C2E
SHA-512:	1E247AEDCC124071869554A53F7A0A537DA119211A3C94317532DCE7F072CF527912D5CE9A6455D5C3A9B51654491C0B7E4B3C21FC11D07B230E06FB4EB345C4
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.2389001987477375
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJfshHHrPeUkwRe9:YvXKXrVYpW78qGUUUkee9
MD5:	5669B8C9B11CDD37F50EABFE4721942A
SHA1:	407490E59792DA7B868EEEF880A8F5E0E6E7C9BD
SHA-256:	F2C4C003C2D86313C1414A2D3960DF8722B3834DC73FDCC5BEB6FFB92AAF8535
SHA-512:	8145AD4A55FB42902C485514F6B6EC0D2124FCC2C45B24C51834AC425110CC7DB85EF33D5356FF0A3BDDCE793682305396B92654408401ADA966C64B2631B880
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.254901452145535
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9BLY+FIbRI6XVW7+0Y7x1oAvJTqgFCrPeUkwRe9:YvXKXrVYpW78qGTq16Ukee9
MD5:	1F9FE963AA92281DB9DBAB856B0A4B34
SHA1:	D30B0E5FAA25EEBA047A8CEF68CDAD578E561576
SHA-256:	35578CA51838D82B33F261BA0485C4394C9A4365ED522662D3790FEF60B59250
SHA-512:	BA939D08A54D88E5C80FCE5A28ACFFF2A55A2F6C8730470920F1AB91885A36AFC148F4AA71F131933CF792AE59A1B6D862F3F40DB82B1733195295309AB40230
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d6b4c098-c46b-4bea-a77f-111f3089cdba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1745594963089,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.127516637150475
Encrypted:	false
SSDEEP:	24:YvOM4aEby/ayVObyB0vDSP7z/y/Oe5yESIg4XVjiU7jsj0SdNblOY2/2LSdHCpvA:YCbyqI/yWeFg2x+lmbFUIdccJ9D
MD5:	E940737D6FA7D8883F0AEA01ADF46434
SHA1:	8C7E38E05EE8870D0B3E7650DE50642DCD499EE8
SHA-256:	2028C81E56FCC956BF979F68A263EEDCF60D42AA467E0C639B380A7B56871996
SHA-512:	BEC02BCB0EEF8217746717A20211851ED94D56258F60F6AA1ABDB944B992082EE03A5B27DB768293C07564CC83F26BD1439E3532917C1BDD84D088C1BD2EBC97
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"88be4227533a6c8c3da01089da3eed6f","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1745421442000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"588d62b706355d8b2632a377d9f0a4b4","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1745421442000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"05c18ccf9fe60b7c9fa051a1509169c3","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1745421442000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b589bb208db3956d90dbe07df95e3e8f","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1745421442000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"8bd12c3f500108fffe3564d13a3b8568","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1745421442000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"975171e3193fda8b4190d9b8e7a0dfb0","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9840929447646963
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spir4zJwtNBwtNbRZ6bRZ47rF:TVl2GL7ms6ggOVpiEzutYtp6P8B
MD5:	C3FE5771777C2EE3B78C7A60221B8608
SHA1:	4D1A9743FA04F9AD3B9585BA4701ACBB7B792D03
SHA-256:	80663FE1D2AF4F11A7E3CE56CBD12C34B4347885F439DA14A3051B66190CF39B
SHA-512:	FF8D67B6E62ADE3E3C75D7A26E988161FB33E667D0BD945194B22CA1E072200B110F4065B3AE5D6721448E0B68413CA262DE26353B5FA2CF899F75E20C9F9713
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3350910740476993
Encrypted:	false
SSDEEP:	24:7+tuAD1RZKHs/Ds/SpirPzJwtNBwtNbRZ6bRZWf1RZK2qLBx/XYKQvGJF7ursZ:7MuGgOVpi7zutYtp6PMrqll2GL7msZ
MD5:	BAB0D7568A8BBA94E02499ED2AA90587
SHA1:	6362376148245E2A00B56430B3A944EC6EF463E3
SHA-256:	89A5D2CC8D16FDF3D044E3621170AB7CAA6EEB363F18B667AAAF9F8196925212
SHA-512:	27B5FBEBDD64B45C1A40AAF2AD805B72ACB3D7F0DACD491CD87ACEBFC0973B88D37087BAB933CC2F16F26565CE2F618472396EB2930057C62F471C5E22164BAB
Malicious:	false
Preview:	.... .c.......F{......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI46bf2.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.505069684106714
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rkClEIH:Qw946cPbiOxDlbYnuRKNIH
MD5:	CA13FDAE5CD1B81D6E9180502C673577
SHA1:	80BFD249538F52030D024C696C40F4C82DFD54C1
SHA-256:	156CB1235AB80B7CF0FCD56159F722D26847DC4EB661A5A91C2E37D51C3A2607
SHA-512:	0D78AD2AAEBCC0D515E56497E3B70BE704EB9278FAF611878CCCC3FCE1247C64E356F45D9852B1F6A28C9D3FB048276C546A9943EB1725863AEFAF59E9A0B81E
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.3./.0.4./.2.0.2.5. . .1.1.:.1.7.:.2.2. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-23 11-17-18-148.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.339087839629047
Encrypted:	false
SSDEEP:	384:1ae9c9h9096ObO7COjOEOmOMOzObTO3OdbilBlV4jbXOcOIO1OCO/04n4b4xlvmH:gJcF
MD5:	2401861902CB98756EA03BFE8EA3FFA0
SHA1:	C34A5597C67C6E8F8898C6A587995E052DC514DB
SHA-256:	9092D208DD57F330BF2F89096BE2C58E29F488108CA90AC99FC9F0882AFEC4C1
SHA-512:	60625CAC4EED68BE27611C469D1F7394B72E490193316D0CF19AAF0FA238CD80A0EF2A611076E9A4C7FAE8398F23E6A60E8003388E56C516CE99DEB59A1DF953
Malicious:	false
Preview:	SessionID=3152175a-32cd-4be4-a65a-81b8f8e0c35a.1745421438183 Timestamp=2025-04-23T11:17:18:183-0400 ThreadID=6936 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=3152175a-32cd-4be4-a65a-81b8f8e0c35a.1745421438183 Timestamp=2025-04-23T11:17:18:197-0400 ThreadID=6936 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=3152175a-32cd-4be4-a65a-81b8f8e0c35a.1745421438183 Timestamp=2025-04-23T11:17:18:197-0400 ThreadID=6936 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=3152175a-32cd-4be4-a65a-81b8f8e0c35a.1745421438183 Timestamp=2025-04-23T11:17:18:197-0400 ThreadID=6936 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=3152175a-32cd-4be4-a65a-81b8f8e0c35a.1745421438183 Timestamp=2025-04-23T11:17:18:197-0400 ThreadID=6936 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.401360781648887
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbD:xLBYAqWWMDNii
MD5:	677EEE1FAFEB70F656E87958BE7EFF6A
SHA1:	FD14807529F0413F79999F2E299E0533BC5A5852
SHA-256:	A5A2C2BD5E58AB8B01140A2DBADF54B470C2794337099F502D2147B0282FB38F
SHA-512:	4ED230586424CED2BBEB6B0F64E58A44E542B13F43C8858B196751E052769FDD372D3723D8072E804E6DD6DA4E57000A6D2ACFE9C8DD77FAFFE8CFA21D728BEB
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\751379c7-35f3-4fab-bdd4-3e8a8854d2bf.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m
MD5:	774036904FF86EB19FCE18B796528E1E
SHA1:	2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
SHA-256:	D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
SHA-512:	9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
Malicious:	false
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Local\Temp\acrocef_low\9bdbe272-662f-4ba3-809e-37441a910abe.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/9wYIGNPQmeWL07oXGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:lwZG2XWLxXGZN3mlind9i4ufFXpAXkru
MD5:	CDB0A9F62FD4871F0603FBBF1FE6BD06
SHA1:	C972A2B8E6E7CD72A156C1EAB8F5F31E76A7DA24
SHA-256:	85BD3F2168D078DFF0ECEB670C3DC651E8797522C6A2921EC478EAD5A09E415F
SHA-512:	7FC3B110A45F9D518FEA45930B73F196FEE7DF472A17FB2CBB19A3BCBF5C78D439F68E2C615D8DACD5821EF60C1447112FB86431D768E28D9F08457563011F28
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\d536ea3d-8350-4633-a0f0-16cce836e167.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\dad5515e-c4fd-4550-91ea-578a6f631414.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa
MD5:	22B260CB8C51C0D68C6550E4B061E25A
SHA1:	DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E
SHA-256:	DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0
SHA-512:	503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.7, 1 pages
Entropy (8bit):	7.8279188592290785
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	HVT2025_410969.pdf
File size:	315'097 bytes
MD5:	48b4d49c07645a196013979df815a56a
SHA1:	1422486f0d9863876797d05915b044e501a6d38d
SHA256:	86231dadcde551ecc69fb44cc7506404aa3b6c5ca85080b179238aa1e3dd79b4
SHA512:	a7e6f483adbe6d2b249e7760d52faac9b3a766ca94cfd7d49d3ec6a5cdd44173c0e4b6478ae3bc36f242931c211b493d9eabbca6d7caabb237da1caa21ac505f
SSDEEP:	6144:NBvxUlF6V2nRRngMitCzsGQiJJ3V2eGPWXNOngd55B:NBe+V27iIwuPIeG+dOng/5B
TLSH:	A764E1841E31B5A3C3A64137AC274FC4797426E974D0398CD13474F4E2E4AFDABA09EA
File Content Preview:	%PDF-1.7.%......1 0 obj.<</Type/Catalog/Pages 2 0 R>>.endobj..2 0 obj.<</Type/Pages/Count 1/Kids[4 0 R]>>.endobj..3 0 obj.<</XObject<</fzImg0 5 0 R>>>>.endobj..4 0 obj.<</Type/Page/MediaBox[0 0 595 842]/Rotate 0/Resources 3 0 R/Parent 2 0 R/Contents[6 0 R

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.827919
Total Bytes:	315097
Stream Entropy:	7.827098
Stream Bytes:	314311
Entropy outside Streams:	5.144981
Bytes outside Streams:	786
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	6
endobj	6
stream	2
endstream	2
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
5	31395131611d1941	8fdc3aeeb2e68e853d93de08e3ffb853

Network Behavior

⊘No network behavior found

Statistics

Click to jump to process

Memory Usage

• Acrobat.exe
• AcroCEF.exe
• AcroCEF.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Behavior

• Acrobat.exe
• AcroCEF.exe
• AcroCEF.exe

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7036, Parent PID: 3084

Function Logs

General

Target ID:	3
Start time:	11:17:13
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\HVT2025_410969.pdf"
Imagebase:	0x7ff66a0c0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

File Opened

File Created

File Moved

File Read

Other File Operations

Volume Information Queried

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Key Created

Key Deleted

Key Value Created

Key Value Deleted

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Execution Resumed

Thread Terminated

Thread Information Set

Show Windows behavior

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

Show Windows behavior

System Activities

System Information Queried

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

Window Created

Window UI Found

Window UI Enumerated

Show Windows behavior

Process Token Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 8016, Parent PID: 7036

Function Logs

General

Target ID:	4
Start time:	11:17:14
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff71efe0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

File Opened

File Read

Other File Operations

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Information Set

Process Terminated

Show Windows behavior

Thread Activities

Thread Created

Thread Terminated

Thread Information Set

Show Windows behavior

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 8308, Parent PID: 8016

Function Logs

General

Target ID:	5
Start time:	11:17:16
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2236 --field-trial-handle=1568,i,16431447686442116659,9203199988206534024,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff71efe0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report HVT2025_410969.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9fc53497-2d42-40f5-b65e-075e14c4a7c0.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250423151719Z-174.bmp

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6324

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI46bf2.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-23 11-17-18-148.log

Windows Analysis Report
HVT2025_410969.pdf