Analysis Report Minerva Bunkering (covid-19 stimulus funds).pdf

Overview

General Information

Sample Name: Minerva Bunkering (covid-19 stimulus funds).pdf
Analysis ID: 319937
MD5: ec8cab28ade934e04d75978b41f4add2
SHA1: a1acf24bf7d8e9a886d56b51fa0e0d968daea89a
SHA256: 47093fca6e0c5522f65da88af807e8706af9eba01c84ec29d108af469fe65eb9

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Outdated Microsoft Office dropper detected
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Analysis Advice

None of the domains contacted by the sample resolve. The sample is likely an old dropper that no longer works.
No malicious behavior found; also analyze the document on other versions of Office / Acrobat.



Startup

  • System is w10x64
  • AcroRd32.exe (PID: 6688 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Minerva Bunkering (covid-19 stimulus funds).pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • AcroRd32.exe (PID: 6756 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Minerva Bunkering (covid-19 stimulus funds).pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • RdrCEF.exe (PID: 6900 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 7060 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15373597887766909572 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15373597887766909572 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6168 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=14791092664178826494 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 5416 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8492071965490764970 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8492071965490764970 --renderer-client-id=4 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 5808 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14373895592216979608 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14373895592216979608 --renderer-client-id=5 --mojo-platform-channel-handle=1868 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6488 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9425941586031478083 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9425941586031478083 --renderer-client-id=6 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
    • chrome.exe (PID: 5328 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' -- 'https://shbfinanceonline.com/shbfinanceonline/redirect.html' MD5: C139654B5C1438A95B321BB01AD63EF6)
      • chrome.exe (PID: 5480 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,4823254970071819640,4137079253599972124,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1724 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Source: global traffic; DNS query: name: shbfinanceonline.com

Networking:

Outdated Microsoft Office dropper detected
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; DNS query: shbfinanceonline.com is down
Source: Joe Sandbox View; IP Address: 239.255.255.250
Source: Joe Sandbox View; IP Address: 80.0.0.0
Source: unknown; DNS traffic detected: query: shbfinanceonline.com replaycode: Server failure (2)
Source: unknown; DNS traffic detected: queries for: shbfinanceonline.com
Source: Current Session.21.dr; String found in binary or memory: https://shbfinanceonline.com/shbfinanceonline/redirect.html
Source: Minerva Bunkering (covid-19 stimulus funds).pdf; String found in binary or memory: https://shbfinanceonline.com/shbfinanceonline/redirect.html)
Source: AcroRd32.exe, 00000001.00000002.388286509.000000000D24E000.00000004.00000001.sdmp; String found in binary or memory: https://shbfinanceonline.com/shbfinanceonline/redirect.html=
Source: AcroRd32.exe, 00000001.00000002.388286509.000000000D24E000.00000004.00000001.sdmp; String found in binary or memory: https://shbfinanceonline.com/shbfinanceonline/redirect.html?
Source: AcroRd32.exe, 00000001.00000002.388286509.000000000D24E000.00000004.00000001.sdmp; String found in binary or memory: https://shbfinanceonline.com/shbfinanceonline/redirect.htmlM
Source: AcroRd32.exe, 00000001.00000002.385693605.000000000CFE0000.00000004.00000001.sdmp; String found in binary or memory: https://shbfinanceonline.com:2s)
Source: AcroRd32.exe, 00000001.00000002.388172684.000000000D201000.00000004.00000001.sdmp; String found in binary or memory: https://shbfinanceonline.comE
Source: AcroRd32.exe, 00000001.00000002.388172684.000000000D201000.00000004.00000001.sdmpString found in binary or memory: https://shbfinanceonline.comE
Source: c15ae90d-79de-439a-bd2d-a7041380172c.tmp.23.dr, 81dbe153-204c-48f1-b25a-aae4010a7967.tmp.23.drString found in binary or memory: https://ssl.gstatic.com
Source: AcroRd32.exe, 00000001.00000002.373689335.0000000008EBD000.00000002.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: c15ae90d-79de-439a-bd2d-a7041380172c.tmp.23.dr, 81dbe153-204c-48f1-b25a-aae4010a7967.tmp.23.drString found in binary or memory: https://www.google.com
Source: c15ae90d-79de-439a-bd2d-a7041380172c.tmp.23.dr, 81dbe153-204c-48f1-b25a-aae4010a7967.tmp.23.drString found in binary or memory: https://www.googleapis.com
Source: c15ae90d-79de-439a-bd2d-a7041380172c.tmp.23.dr, 81dbe153-204c-48f1-b25a-aae4010a7967.tmp.23.drString found in binary or memory: https://www.gstatic.com
Source: classification engineClassification label: sus22.troj.winPDF@28/94@6/3
Source: Minerva Bunkering (covid-19 stimulus funds).pdfInitial sample: https://shbfinanceonline.com/shbfinanceonline/redirect.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rb35f67_1fstjso_57o.tmp
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeFile read: C:\Users\desktop.ini
Source: unknownProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Minerva Bunkering (covid-19 stimulus funds).pdf'
Source: unknownProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Minerva Bunkering (covid-19 stimulus funds).pdf'
Source: unknownProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: unknownProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15373597887766909572 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15373597887766909572 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
Source: unknownProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=14791092664178826494 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8492071965490764970 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8492071965490764970 --renderer-client-id=4 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
Source: unknownProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14373895592216979608 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14373895592216979608 --renderer-client-id=5 --mojo-platform-channel-handle=1868 --allow-no-sandbox-job /prefetch:1
Source: unknownProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9425941586031478083 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9425941586031478083 --renderer-client-id=6 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job /prefetch:1
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' -- 'https://shbfinanceonline.com/shbfinanceonline/redirect.html'
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,4823254970071819640,4137079253599972124,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1724 /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Minerva Bunkering (covid-19 stimulus funds).pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' -- 'https://shbfinanceonline.com/shbfinanceonline/redirect.html'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15373597887766909572 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15373597887766909572 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=14791092664178826494 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8492071965490764970 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8492071965490764970 --renderer-client-id=4 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14373895592216979608 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14373895592216979608 --renderer-client-id=5 --mojo-platform-channel-handle=1868 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9425941586031478083 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9425941586031478083 --renderer-client-id=6 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,4823254970071819640,4137079253599972124,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1724 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeFile opened: C:\Windows\SysWOW64\Msftedit.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: Minerva Bunkering (covid-19 stimulus funds).pdf
Initial sample: PDF keyword /JS count = 0
Source: Minerva Bunkering (covid-19 stimulus funds).pdf
Initial sample: PDF keyword /JavaScript count = 0
Source: Minerva Bunkering (covid-19 stimulus funds).pdf
Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: AcroRd32.exe, 00000001.00000002.387317181.000000000D15B000.00000004.00000001.sdmp
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_F
Source: AcroRd32.exe, 00000001.00000002.373838829.00000000096D0000.00000004.00000001.sdmp
Binary or memory string: QEmustom
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Code function: 1_2_053AA110 LdrInitializeThunk,
Source: AcroRd32.exe, 00000001.00000002.369024719.0000000005C10000.00000002.00000001.sdmp
Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000001.00000002.369024719.0000000005C10000.00000002.00000001.sdmp
Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000002.369024719.0000000005C10000.00000002.00000001.sdmp
Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000002.369024719.0000000005C10000.00000002.00000001.sdmp
Binary or memory string: Progmanlock

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Spearphishing Link 1 | Exploitation for Client Execution 1 | Path Interception | Process Injection 2 | Masquerading 3 | OS Credential Dumping | Security Software Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 2 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Behavior Graph

[Behavior graph, ID 319937. Sample: Minerva Bunkering (covid-19..., start date 18/11/2020, architecture WINDOWS, score 22. Process nodes: AcroRd32.exe, chrome.exe, RdrCEF.exe. DNS/IP nodes: shbfinanceonline.com, 239.255.255.250, 192.168.2.1, 80.0.0.0. Signature: Outdated Microsoft Office dropper detected.]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
Minerva Bunkering (covid-19 stimulus funds).pdf | 0% | Virustotal | | Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs


Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
shbfinanceonline.com
unknown
unknowntrue
    unknown

    URLs from Memory and Binaries

                                  Contacted IPs

                                  Public

                                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                  239.255.255.250 | unknown | Reserved | | unknown | unknown | false
                                  80.0.0.0 | unknown | United Kingdom | | 5089 | NTLGB | false

                                  Private

                                  IP
                                  192.168.2.1

                                  General Information

                                  Joe Sandbox Version: 31.0.0 Red Diamond
                                  Analysis ID: 319937
                                  Start date: 18.11.2020
                                  Start time: 20:59:22
                                  Joe Sandbox Product: CloudBasic
                                  Overall analysis duration: 0h 6m 35s
                                  Hypervisor based Inspection enabled: false
                                  Report type: light
                                  Sample file name: Minerva Bunkering (covid-19 stimulus funds).pdf
                                  Cookbook file name: defaultwindowspdfcookbook.jbs
                                  Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                  Number of analysed new started processes analysed: 37
                                  Number of new started drivers analysed: 0
                                  Number of existing processes analysed: 0
                                  Number of existing drivers analysed: 0
                                  Number of injected processes analysed: 0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode: default
                                  Analysis stop reason: Timeout
                                  Detection: SUS
                                  Classification: sus22.troj.winPDF@28/94@6/3
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HDC Information: Failed
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 0
                                  • Number of non-executed functions: 0
                                  Cookbook Comments:
                                  • Adjust boot time
                                  • Enable AMSI
                                  • Found application associated with file extension: .pdf
                                  • Found PDF document
                                  • Find and activate links
                                  • Security Warning found
                                  • Close Viewer
                                  Warnings:
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                                  • Excluded IPs from analysis (whitelisted): 13.64.90.137, 52.255.188.83, 92.122.146.26, 2.20.143.130, 2.20.142.203, 51.11.168.160, 2.18.68.82, 2.20.142.209, 2.20.142.210, 20.54.26.129, 216.58.209.35, 216.58.206.14, 216.58.208.141, 172.217.16.142, 172.217.22.14, 216.58.206.78, 74.125.173.42, 92.122.213.194, 92.122.213.247, 51.104.144.132, 172.217.16.131, 173.194.182.104, 216.58.198.35, 52.155.217.156
                                  • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, e4578.dscb.akamaiedge.net, r3---sn-4g5ednld.gvt1.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, acroipm2.adobe.com, arc.msn.com, r4---sn-4g5e6nlk.gvt1.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, clients2.google.com, redirector.gvt1.com, a122.dscd.akamai.net, audownload.windowsupdate.nsatc.net, update.googleapis.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, google.com, fs.microsoft.com, r4.sn-4g5e6nlk.gvt1.com, accounts.google.com, acroipm2.adobe.com.edgesuite.net, db3p-ris-pf-prod-atm.trafficmanager.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, r3.sn-4g5ednld.gvt1.com, umwatsonrouting.trafficmanager.net, skypedataprdcoleus17.cloudapp.net, armmf.adobe.com, clients.l.google.com
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size getting too big, too many NtOpenFile calls found.
                                  • Report size getting too big, too many NtSetInformationFile calls found.

                                  Simulations

                                  Behavior and APIs

                                  Time | Type | Description
                                  21:00:17 | API Interceptor | 10x Sleep call for process: RdrCEF.exe modified

                                  Joe Sandbox View / Context

                                  IPs

                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                  Gt2YstXx3K.exeGet hashmaliciousBrowse
                                                                                    ForQuotation_RMS22100.exeGet hashmaliciousBrowse
                                                                                      http://www.dropbox.com/l/AAA5d-90vlipt6OAJjh2DZ1FLO-gN1n6Y0kGet hashmaliciousBrowse
                                                                                        lpa007556982664_lpa007556982664SignEpay.pdf.exeGet hashmaliciousBrowse
                                                                                          http://weblaunch.blifax.com/listener3/redirect?l=eeb2fa99-1431-48eb-96f0-2c92d33c4ffc&id=b5caaf3c-221e-eb11-9a4b-000c29140d8a&u=https%3a%2f%2fdocument.epiq11.com%2fdocument%2fgetdocumentbycode%2f%3fdocId%3d3810579%26projectCode%3dTOT%26source%3ddmGet hashmaliciousBrowse
                                                                                            https://compliancetest-my.sharepoint.com/:b:/g/personal/breem_compliancetesting_com/Eea_DqHyOdpKgMecDkmEb-gBbrGjRA3g1tC-Cg8ccbaUzw?e=4%3aKZBmIk&at=9Get hashmaliciousBrowse
                                                                                              ZuzYY.pdfGet hashmaliciousBrowse
                                                                                                bZxBs.pdfGet hashmaliciousBrowse
                                                                                                  AjZHP.pdfGet hashmaliciousBrowse
                                                                                                    AjZHP.pdfGet hashmaliciousBrowse
                                                                                                      bZxBs.pdfGet hashmaliciousBrowse
                                                                                                        Wkvmz.pdfGet hashmaliciousBrowse
                                                                                                          gHpOg.pdfGet hashmaliciousBrowse
                                                                                                            OGkYi.pdfGet hashmaliciousBrowse
                                                                                                              xB6LF3lYwK.exeGet hashmaliciousBrowse
                                                                                                                http://tftpd32.jounin.net/download/tftpd32.452.zipGet hashmaliciousBrowse

                                                                                                                  Domains

                                                                                                                  No context

                                                                                                                  ASN


                                                                                                                  JA3 Fingerprints

                                                                                                                  No context

                                                                                                                  Dropped Files

                                                                                                                  No context

                                                                                                                  Created / dropped Files

                                                                                                                  C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):451603
                                                                                                                  Entropy (8bit):5.009711072558331
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
                                                                                                                  MD5:A78AD14E77147E7DE3647E61964C0335
                                                                                                                  SHA1:CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
                                                                                                                  SHA-256:0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
                                                                                                                  SHA-512:DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
                                                                                                                  Malicious:false
                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):820
                                                                                                                  Entropy (8bit):5.694836464462536
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:vDRM9qZiE4DRM9EZiEmDRM9IZiEz/5DRM9IMZiE0:7iEeIEMAEz/dTE
                                                                                                                  MD5:87BD559741E910A8BBEDE382C0F3A428
                                                                                                                  SHA1:7E1403F851D01DB2D9AEAA0990C9DB1A101D5C75
                                                                                                                  SHA-256:01123DD13960723CE23C987C740DB915E0B1A8B89A1D948FF998548F69A7B386
                                                                                                                  SHA-512:A65C655A18AFC30D67E9C811D63312EEE2E16FE4E0C17234E64F57CA41BB37EBF6370B6FD92FDB7572BF30AE99D5E11107E8DE93F69F5B11408DFEF85F81C0FA
                                                                                                                  Malicious:false
                                                                                                                  Reputation:low
                                                                                                                  Preview: 0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .a.}.../....."#.D...~..A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo.......Z.s........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .p...../....."#.DuV1.~..A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo........h........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .F...../....."#.Dsg..~..A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo..................0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .z.A.../....."#.D2...~..A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo........y........
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):696
                                                                                                                  Entropy (8bit):5.660039013721331
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:V9zEgi9PQz+H9z/dV9PQkd9z69i9PQI39z1Z9PQT:Xzo9PQzuz//9PQgzKi9PQINzj9PQT
                                                                                                                  MD5:597814C30AF42994969C9A725508238D
                                                                                                                  SHA1:604453C5FD1A585496EA251F57B915DB58475E5B
                                                                                                                  SHA-256:F021AEA32EAF7F7C0F662EB15D4A0AF686C91797F7660506C1056872C6131B8D
                                                                                                                  SHA-512:6CB03D55A765B0F33B1F5E6F564EEC6D8D88FF038CB0D47E227811F8A85B53DF2121BED3AA932CA2BE33034D27572A9538E26E9EDF5AF1565EABF70EAA3EBAC9
                                                                                                                  Malicious:false
                                                                                                                  Reputation:low
                                                                                                                  Preview: 0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .;.m.../....."#.D.2w.~..A.1.x.'.vI..*|Z..o...+.4....0..A..Eo...................A..Eo.................0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ......./....."#.D....~..A.1.x.'.vI..*|Z..o...+.4....0..A..Eo...................A..Eo........V.........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .4...../....."#.D.^h.~..A.1.x.'.vI..*|Z..o...+.4....0..A..Eo...................A..Eo..................0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .].3.../....."#.D\X..~..A.1.x.'.vI..*|Z..o...+.4....0..A..Eo...................A..Eo......s.N.........
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):984
                                                                                                                  Entropy (8bit):5.6518465386663115
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:tB4v4XEYSB3B4v4sSBpB4v4ISBZkB4v4/IESB:nMkEYSBxMTSBTMDSBZsMsxSB
                                                                                                                  MD5:8F2871432A2A0EBDE873EA85977A2457
                                                                                                                  SHA1:03DE40692BADE6F6344E47D8CDB1658E08204956
                                                                                                                  SHA-256:C67909010C656EA4FBFD3B6295B0CEE8FCB677663813F3A7C9B885E2672708AD
                                                                                                                  SHA-512:0076B250EED0B025FF848538D1BD71114B9ED5F94C15F34B09F068CFEB36D0C3BF9BD8FA7CD4916A8CAE82727850C5484A102BF938FD32075791A449852BAFC0
                                                                                                                  Malicious:false
                                                                                                                  Preview: 0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..A}.../....."#.D....~..A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo....... .........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js .q...../....."#.D..'.~..A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo......!..........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ......./....."#.Dp..~..A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo......Z..[........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ...@.../....."#.D....~..A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo......9...........
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):464
                                                                                                                  Entropy (8bit):5.72474992779994
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:mNtVYOFLvEWdFCi5RsOuE0iWulHyA1TK6tJNtVYOFLvEWdFCi5RsV/zPJiWulHyS:IbRkiD5XWuss3bRkiDWbgWussv
                                                                                                                  MD5:09615AC4DAB6A9AF0FBFF2D67E226E0C
                                                                                                                  SHA1:C78B590E8F5CE70D3DFEF43C4031E379834F6A2D
                                                                                                                  SHA-256:05AB06705395B846D97D1910EE92D638DDADAB635682962B86A0326758E2941E
                                                                                                                  SHA-512:CB99AEB37435DB02B266CA227AA805B6196026598B76CBA4F59D27A52ABF6FF01626C4C7A52AFEA40C0E620AE3E9BA3176A3597390FE046260B58E5A3A1D7D9F
                                                                                                                  Malicious:false
                                                                                                                  Preview: 0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js .g..../....."#.D{1..~..A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo.........C........0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ..6..../....."#.Dp...~..A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo......OE.4........
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):420
                                                                                                                  Entropy (8bit):5.619445340500721
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:m+yiXYOFLvEWd7VIGXVuGzlvgVyh9PT41TK6t/HFE+yiXYOFLvEWd7VIGXVu5O15:pyixRuigV41TEjzyixRuZOVV41TE
                                                                                                                  MD5:A3C08606C1B3D68C04EEFF430E2135F2
                                                                                                                  SHA1:2F1E2CA98D9E0DF7111EED27909DECCE71657939
                                                                                                                  SHA-256:B216B49A7BBB46CC8E1D87C3E1315BAF3A05101643D7068FCCAE3CFFEC4D02B5
                                                                                                                  SHA-512:2AB6AF1D87B8D4B2EB033CADD2CCFD833AA63DF39D6D0C4B63E3E47A7CA35E655CF5A0C9A9C0061282036784EE71F726683AFC65207FD378ADE06E4A34AC33F3
                                                                                                                  Malicious:false
                                                                                                                  Preview: 0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ..H..../....."#.Dc.(.~..Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo........b.........0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js .6.@.../....."#.D.8..~..Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo......../.........
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):432
                                                                                                                  Entropy (8bit):5.664324935216701
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:mvYOFLvEWdhwjQX/WLZIl6P41TK6tOEvYOFLvEWdhwjQ4oCUbwLZIl6P41TK6t8b:0RhkZLZCHRhkSdbwLZC
                                                                                                                  MD5:D2C8FD3A83BAEF6BB86C78B35D0AEF3F
                                                                                                                  SHA1:B2EF49832B818F155B174E5AB51D37626977D9E0
                                                                                                                  SHA-256:42AD8FA2899B085F83E02E58393DF83E3BC197EBDD2D663775A28E3D16A03C45
                                                                                                                  SHA-512:4199E56AB089143F68A8EAADD12FF83B661334FD8DE92081CEF122DFA4E49BD604FB05ECE2F28644DE301C1B243BACBF87D943CCFB89E263D0EFC56D8D18EF09
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):418
                                                                                                                  Entropy (8bit):5.570215002220383
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:mJYOFLvEWdGQRQOdQeklx6g1TK6tQJYOFLvEWdGQRQOdQaP66g1TK6tK:2RHRQC7616RHRQCZP61c
                                                                                                                  MD5:51E78EAE0E5CEC8E38C4AA3F400CED59
                                                                                                                  SHA1:10FC9D9A912D859D075ADB719D01625AE5EBB998
                                                                                                                  SHA-256:A28E0A2AF86E2DEB595A1C61A2D9542A9C6ED75FE542E1DF83CC8050E11C57D1
                                                                                                                  SHA-512:BF8D391DFABD810CE17A8532B4AE501D522FD0A92B51E67F58556F300446AD731C97027D4BACB7A317747B57271ED3562DF97E681F774CF2B5F56EE94BBB9203
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):716
                                                                                                                  Entropy (8bit):5.642263694988466
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:Z5MCqxMuR/EOz5MR4gMcLMuR/EXB5MVlSMuR/ET5MsWaLMuR/EL:ZSxWuR/E8S7MNuR/EXBSVluR/ETSsboL
                                                                                                                  MD5:989B43F2078C59B71E19B37B9B833E8C
                                                                                                                  SHA1:04653BD88D6BD2758959F91EEF0C79558C365D2A
                                                                                                                  SHA-256:4FDD914AF466357C67F88451DCE9D9DDB33BCE44889BEDD395C53B6E15C3CFE3
                                                                                                                  SHA-512:D4F0DBCC083C0E2AF70BBDD0C002F8A4ADC669C8D17285CA6A4A67815CC111A77A563CE50C3BC75E0801AB891F28A0B9BCC365895B4D5C889B9F479F1E42B313
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\39c14c1f4b086971_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):212
                                                                                                                  Entropy (8bit):5.654550871678314
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:mGpYOFLvEWdzAAuVpstY0b/m0bbsIDMGH41TK6t:XfRMoeKsIZE
                                                                                                                  MD5:D9442EE679DD7BB0921BB7C012F86455
                                                                                                                  SHA1:8C3D75374343174BB0E861D422C6204371BF7785
                                                                                                                  SHA-256:CAA7B7B17D0568C22EE4E02D97B989EEEE42E1710B8DD603B974D05BA22D29C3
                                                                                                                  SHA-512:FF0504AF5D54E4925594D30D7DB9D5C33F8B4F538247D7AE3541CE066F9A61A83D31ECA2D64276DEB9605D0B26B749F9F9C569EC579C63FB2C49A2E0CF652854
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):428
                                                                                                                  Entropy (8bit):5.585953878590417
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:m4fPYOFLvEWdtuu/XfbGby0zBUKSAA1TK6tIF/M4fPYOFLvEWdtusX2iI35by0zY:pRNff6beiFbR/XVIJbe
                                                                                                                  MD5:11C0E174D5F65CF8759B86A71C20539D
                                                                                                                  SHA1:78ECDC27B1D8EC443006DC21E80596092EBC3E74
                                                                                                                  SHA-256:A268518C22F32628D79270EDA4B6F0B6395F3C70B20450647E2EF1E82142B099
                                                                                                                  SHA-512:3C555A30B6BF2F81F68A812A4D321B9AD730937D2DEA56691E8D7DD5A6899FDB0C21F92BFD3963E9B657632985431D1D6D9B270018CFC0943F049CF6B9B3FE8D
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):708
                                                                                                                  Entropy (8bit):5.586180359156474
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:KkXxKMSCvoytUl2kXxKMSCv53tUlNkXxKMSCvPrtUlTikXxKMSCvttUl:KkXxiCQyW2kXxiCh3WNkXxiC7W+kXxix
                                                                                                                  MD5:9B2B1458F72042AEC4C5420D2278CB7E
                                                                                                                  SHA1:C424D901D3629974EE55351D898A56487175307C
                                                                                                                  SHA-256:53FEBEB5F68AE68D4008E7E5AB42D0DBB3922DF68854B106CF4DDB6E4F42372C
                                                                                                                  SHA-512:5266B8398F0EA323B3861A962CA7C69C7E985C1F4C897C4BDC698291BE9DF55150959E4A2856B741F5D5AA83BFCBA14FB5ED48468AC87BA84ED7F5715B39836E
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):561
                                                                                                                  Entropy (8bit):5.647183125296807
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:mkl9YOFLvEWsfOLpRuYyM+VY1TK6tK0Mkl9YOFLvEWsfOLuZn3JyM+VY1TK6tjkb:5h6OLpKkPzh6OLSEk6h6OLfc1vk
                                                                                                                  MD5:059BA8552E7B01FB8755834C2A3AF82F
                                                                                                                  SHA1:8FFA62B3FA9DA030760DE4D80162CB606A39439D
                                                                                                                  SHA-256:06F590E8F11321FE61082B0B872AD0CD84FAE7C9CCEE015F6081382CCF2F8EFB
                                                                                                                  SHA-512:339CC0601E09C353041012D5F69D1B180F184FD6444AA3DD7B04A490658A0E32863D7977BFC4836E009CDCFFD54A4E53CC269979937AA6D8BF218D827F0A6B61
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):976
                                                                                                                  Entropy (8bit):5.67705233552993
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:UB4v41MwzXLnMeB4v4GwzXLnPB4v40WwzXLntB4v41YwzXLn:8MyRbnZMCbnZMnjbnnM2bn
                                                                                                                  MD5:F948F03E8D49C63487EF372F4D8C8F5D
                                                                                                                  SHA1:C264B4322FC4F45F2DB94DC85F5BA9EBCF5630A5
                                                                                                                  SHA-256:66481B2474D4B41B323FF8A4C2341E02632B88364338F6EC7487E096E38C6095
                                                                                                                  SHA-512:AF600718775672226E1F8C67809CF3CE053838D5FE0C192417BD5BD7DC60011349D81F75F253C1A2CFC77B6AB4B0A542825AA1D05EF6E1F9F264D8EEE83C7928
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6267ed4d4a13f54b_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):210
                                                                                                                  Entropy (8bit):5.550230532302008
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:mq9YOFLvEWdzAHdQl2+/W9Pk45GFCaa+41TK6tBM:NRMHdUXuL5Gda+EX
                                                                                                                  MD5:8DA964FBA9A19113D76B10B798F1DFF5
                                                                                                                  SHA1:4F6B168D360ECC4C15D2D9BB6F274F637AA27434
                                                                                                                  SHA-256:BE16B90E85B37B95C95BC1BC8D89A261C484046517BC5B3D857187D74C8177D0
                                                                                                                  SHA-512:01B75D8835390FDFDEA93D31B6EBB4867EC2E3E2A5A996CD6B30AF7A4770D120FF8C9167D431F90F21E5165CC399346037BA29723DE00D735E5222E2F40CD27F
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):422
                                                                                                                  Entropy (8bit):5.538578588301002
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:ms2VYOFLvEWdvBIEGdeXuldGd/xEmS11TK6tHs2VYOFLvEWdvBIEGdeXuClDVWSs:BsR2EserdGisR2EseTtNy
                                                                                                                  MD5:570BE680AE890374C3C2DC628642F351
                                                                                                                  SHA1:589544B203662E030E2310317A8876F13E95DC1E
                                                                                                                  SHA-256:FB63B091557DFE7FC88059914DF385346A961E03DB08FDBA65B295DE287074C2
                                                                                                                  SHA-512:70E38C27D5E7FAEA09555A5DB3F6E6D4B241B3110B727E313E8EDF1D0B1961E4AA786790DF86FAD7171570D7B7659BFAF9AE0D19EEA38AFCAC009322E786A55F
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):404
                                                                                                                  Entropy (8bit):5.711379304763191
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:maVYOFLvEWdwAPCQX/N+B7OhKlvA1TK6tyaVYOFLvEWdwAPCQIma8b+B7OhKlvAf:RbR16E1IJk7bR16wxbIJk
                                                                                                                  MD5:7EB1727CCC11C51F4419BA60A1810EAF
                                                                                                                  SHA1:0C79AAE2AEE60149A0412E228E8568A35B4250E2
                                                                                                                  SHA-256:F1C91E88BD72A5B309CF270A5F2911100FEF1EDD4CD251ED656DB7F4B9BED99B
                                                                                                                  SHA-512:D5587296B0C8874F10547236994381B6632B16CA9480BECD60278DAAD41FBB253B1C39E5DE60EB2CBC3608D5FC46C45EAFFEAB67DD550989F5D6D9E2C314ED30
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):422
                                                                                                                  Entropy (8bit):5.597882079959878
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:ms2gEYOFLvEWdGQRQVumWU0QdFt1TK6txcs2gEYOFLvEWdGQRQVuCRlDQdFt1TK+:B2geRHRQf00X2geRHRQL10
                                                                                                                  MD5:FD193FF6A2B0750CCE6ACEF75EB8A578
                                                                                                                  SHA1:ECFDE4BACEB8270F613ADA955F35C38E5300A726
                                                                                                                  SHA-256:F702B14E9A77E34D9783DD79CE776182FE9B49B8FD0CE5A2DF24DFF20E7EEE5D
                                                                                                                  SHA-512:557DC63664CFBBFC7EF511453CDF324E4BE9E2BB217BD1BF111A416CD144808EEFF2C972690E1E74BD9EDA6A8A4F8746D71A01A3A4BF5839B3D991E046DA76CA
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):824
                                                                                                                  Entropy (8bit):5.678444779006844
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):436
                                                                                                                  Entropy (8bit):5.613314020667007
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):690
                                                                                                                  Entropy (8bit):5.626385059567747
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):744
                                                                                                                  Entropy (8bit):5.645695810823335
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):828
                                                                                                                  Entropy (8bit):5.69199925226409
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):840
                                                                                                                  Entropy (8bit):5.658252605938419
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):892
                                                                                                                  Entropy (8bit):5.6515983342600755
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):852
                                                                                                                  Entropy (8bit):5.7391320454203285
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):832
                                                                                                                  Entropy (8bit):5.6470612369262305
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):752
                                                                                                                  Entropy (8bit):5.677872942313483
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):428
                                                                                                                  Entropy (8bit):5.682093094584788
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):844
                                                                                                                  Entropy (8bit):5.663049931142409
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: (binary data; cache key: https://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js)
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):416
                                                                                                                  Entropy (8bit):5.644817358805644
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: (binary data; cache key: https://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js)
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):416
                                                                                                                  Entropy (8bit):5.6399455645337335
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: (binary data; cache key: https://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js)
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):462
                                                                                                                  Entropy (8bit):5.62669724367364
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: (binary data; cache key: https://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js)
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):430
                                                                                                                  Entropy (8bit):5.595743301133266
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: (binary data; cache key: https://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js)
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):416
                                                                                                                  Entropy (8bit):5.597714593509113
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: (binary data; cache key: https://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js)
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):832
                                                                                                                  Entropy (8bit):5.659332827654362
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: (binary data; cache key: https://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js)
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):420
                                                                                                                  Entropy (8bit):5.634811614342476
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: (binary data; cache key: https://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js)
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):884
                                                                                                                  Entropy (8bit):5.683347099108898
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: (binary data; cache key: https://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js)
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):420
                                                                                                                  Entropy (8bit):5.6209777129594825
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: (binary data; cache key: https://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js)
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):408
                                                                                                                  Entropy (8bit):5.652617405673353
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: (binary data; cache key: https://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js)
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):212
                                                                                                                  Entropy (8bit):5.624586949505116
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:m3PXYOFLvEWdBJvYQyBhtX3r2zhcsBXIh1TK6t:mxRBJQXBPHSDB0
                                                                                                                  MD5:B724158D0949DF4541A2898380384609
                                                                                                                  SHA1:C14BAD4810366D85420BFD003FA7CD9D6E5325CA
                                                                                                                  SHA-256:80468522F4ADBB9B85CE8D512305C820F970084AFEFD20F614619790E8B96786
                                                                                                                  SHA-512:D99645542E778A6A4AF30DD5B4CD95BB04FF1027AFE69D11CFFCC3DC922EB63C87161EDCF76E93A85FDC919BB2DE5F82218F06FB27C4AA27673749AB198E20CF
                                                                                                                  Malicious:false
                                                                                                                  Preview: 0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ..yA.../....."#.D....~..A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo........:e........
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):912
                                                                                                                  Entropy (8bit):5.650220472675818
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:3RrROk/s38LvcAlHRrROk/su6c3RrROk/sq5c3RrROk/s2Hoc:3PJ/01AdPJ/j3PJ/G3PJ/VHN
                                                                                                                  MD5:12821F1B97AA34A450F5F3A16CCBD630
                                                                                                                  SHA1:0C493B9C73694F4CCC651123EF4A53C53584A738
                                                                                                                  SHA-256:66B29A5F04810A4D68E15FDA6D5FA12B3E29F5287D201C174613653DBA40949B
                                                                                                                  SHA-512:324C0BAD727C4D5B315EB3450BBB457513769F68A52C466133938F2BE995B70EDEF3D919EAE4F346AD91222DC744AC0EB74CAB08405550FC6D5D6CCB2DA24840
                                                                                                                  Malicious:false
                                                                                                                  Preview: 0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js . .{.../....."#.D....~..A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo......E.G(........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .$q..../....."#.DB...~..A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo......a.p.........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ......./....."#.D~W..~..A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo........G.........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .).<.../....."#.DV...~..A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo........f>........
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2064
                                                                                                                  Entropy (8bit):5.29252806418288
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:Mfg1zZFufGMisp6r6C9QPpYjw4gZwvPMHtammJ9MGsdhLH:h1zZ4+dsp6UYjw49PFXw
                                                                                                                  MD5:2595DC94706F0F7FC0029364915E06A6
                                                                                                                  SHA1:21C3833670A7A6BA2519A82656D1BF2AD76BF4DC
                                                                                                                  SHA-256:3C6BCBD75CF4B0F34588DFB247F5F6F79E3B6F59D2E29DF54C2CAA57D9D86906
                                                                                                                  SHA-512:CD92CF1CDED81D376D7CBD5EB6160542F8DEE2235528547545C5759C2DD31CB4D78889611114B39523E39E52A9EDA1E9982F08A4923B6105CAACCFD0472CF821
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):292
                                                                                                                  Entropy (8bit):5.12658047041738
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qE3+q2PWXp+N2nKuAl9OmbnIFUtwDq5HZmwyDq5nVkwOWXp+N2nKuAl9OmbjLJ:4q1vaHAahFUtwDq5H/yDq5V5fHAaSJ
                                                                                                                  MD5:2C9EB6DD3A06CA71D41738BFE3E71C82
                                                                                                                  SHA1:47F418AAF538EB2FA5D9B65C9B6E211492F89899
                                                                                                                  SHA-256:16A5C06A163472F3BF09CFF64D6900BAB2D04955604D34B228BD98A0E69B9429
                                                                                                                  SHA-512:32404C5CD6C87A01E37D6CC42559F25FD91115441723BE5981D8848AC985789563C7AD356A6962A4BEA9F37AE650503F330944A18D337A7EDBDB3A217DDCD623
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:00:22.888 1728 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2020/11/18-21:00:22.898 1728 Recovering log #3.2020/11/18-21:00:22.898 1728 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1835008
                                                                                                                  Entropy (8bit):0.009659826032596219
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:TGEiaGEiCsMi9sMiDgsMiDgsMiDdsMhCDOsMhCDo+sMhCDo+sMhCDo+sMhCDo+sW:trrCXonononononono
                                                                                                                  MD5:21243F04C89A197BB6B7F6F83FC3143C
                                                                                                                  SHA1:86C39801641D4689AF8792AFB690A0CADBE81263
                                                                                                                  SHA-256:B71EB44A7471A903DEFF3A492C2981A68BFB32AB60A5D162E43364864DE135A3
                                                                                                                  SHA-512:F36B2C48C1F0C30494202D6990352BF864F6D0EF073D8981C8033ECEDE9A0B55F90B422110C91DF95B7E714B5F7F1928FA75A64BFC2A9723234A7073AC945316
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-201119050018Z-192.bmp
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                                  File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):71190
                                                                                                                  Entropy (8bit):0.9877066000062971
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:LgP1BsYMFHjO70MPkMgB/jMPEiFgvMjnAiuiDWU8JiuFKDiFMzSx1fT:kPcpeO0c/rU8FMfSx1b
                                                                                                                  MD5:4BE6DBB46773215BD4409DEFECB46FEC
                                                                                                                  SHA1:D62EAED393A5F74E20A0BC22737634142F2280F3
                                                                                                                  SHA-256:98CFA3FD05388A77B3042D73FEB6B9D0B86E8FDB7F9EAE554DF5B2C671FE6634
                                                                                                                  SHA-512:618A72AE2C94A6A98E44C1CFE57361D2D0BC9483F073D6CB3F00BB2B7862501DBE34BB8DB6694E3028F5CE67DF7F8FD10C816C27682A5FED538425C024BF1D1C
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3024000
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):32768
                                                                                                                  Entropy (8bit):3.3851164658430135
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:iR49IVXEBodRBkQKOhFVCsL49IVXEBodRBkRuKOhAVCs749IVXEBodRBkluKOhuZ:iGedRBWedRB7edRBnedRB1
                                                                                                                  MD5:C68DC9592FF3634CF80796A81F3E23D3
                                                                                                                  SHA1:98D09094A0F864790BB0BD7EAEE7D639FFFE9B83
                                                                                                                  SHA-256:5F16869A4B68C847087ABCFC08489EE9E8DBD5F62DAF82800BB1F19CE0E4E268
                                                                                                                  SHA-512:CCB76B6684CE3DE05504C263C7E39C71ADD5DC5F57F47038B0B01B6999428934D2D59CFC2C78168663A1A611792A73605A55305901801EC871FF6F16D65C1D03
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):34928
                                                                                                                  Entropy (8bit):3.1983648587725453
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:y7OhFVCPI949IVXEBodRBkcKKOhFVCsyLR49IVXEBodRBkSuKOhAVCs6d49IVXEI:yciedRBxLGedRBSCedRBnyedRBL
                                                                                                                  MD5:639CE486D675CE79CE07E46643355400
                                                                                                                  SHA1:586D665416A8ADFCCDB264D5A7FF5AA4F9B33043
                                                                                                                  SHA-256:07560E9253285AA1EA72CD85D08EABE6611107CC11F93261B07003CC0687DA45
                                                                                                                  SHA-512:81E787A1414A3885911AEB1DCBBE27E2AC2ECB11835E4A356CE07802E9D9EB01D838BAAF72A949DBB1FF412684A6A0CDFC06B62885965D81C263C2EDE75326D3
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6756
                                                                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                                  File Type:PostScript document text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):157443
                                                                                                                  Entropy (8bit):5.172039478677
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:amNTjRlaRlQShhp2VpMKRhWa11quVJzlzofqG9Z0ADWp1ttawvayKLWbVG3+2:RNj3aRlQShhp2VpMKRhWa11quVJX2
                                                                                                                  MD5:A2C6972A1A9506ACE991068D7AD37098
                                                                                                                  SHA1:BF4D2684587CF034BCFC6F74CED551F9E5316440
                                                                                                                  SHA-256:0FB687D20C49DDBADD42ABB489C3B492B5A1893352E2F4B6AA1247EFE7363F65
                                                                                                                  SHA-512:4D03884CA5D1652A79E6D55D8F92F4D138C47D462E05C3E6A685DA6742E98841D9C63720727203B913A179892C413BFB33C05416E1675E0CF80DA98BE90BA5E4
                                                                                                                  Malicious:false
                                                                                                                  Preview: %!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Marlett.FamilyName:Marlett.StyleName:Regular.MenuName:Marlett.StyleBits:0.WeightClass:500.WidthClass:5.AngleClass:0.FullName:Marlett.WritingScript:Roman.WinName:Marlett.FileLength:27724.NameArray:0,Win,1,Marlett.NameArray:0,Mac,4,Marlett.NameArray:0,Win,1,Marlett.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:ArialMT.FamilyName:Arial.StyleName:Regular.MenuName:Arial.StyleBits:0.WeightClass:400.WidthClass:5.AngleClass:0.FullName:Arial.WritingScript:Roman.WinName:Arial.FileLength:1036584.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial.NameArray:0,Win,1,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-BoldMT.FamilyName:Arial.StyleName:Bold.MenuName:Arial.StyleBits:2.WeightClass:700.WidthClass:5.AngleClass:0.FullName:Arial Bold.WritingScript:Roman.WinName:Arial Bold.FileLength:980756.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial Bold.NameAr
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\32f3bd34-5d69-4f47-a499-bcb48ff4b2eb.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):162096
                                                                                                                  Entropy (8bit):6.083408984828973
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:4zZLd5Eh1zO2iL6d8BRWCr5FcbXafIB0u1GOJmA3iuRb:UZLda1SRm8B97aqfIlUOoSiuRb
                                                                                                                  MD5:1C6819964EF3E0C2029E1F22AFCCD905
                                                                                                                  SHA1:2A82D57C4288B5B526D9FC158B780CDAC17C5F5B
                                                                                                                  SHA-256:BF338A2E459A92D5538A99E39CFA035E4C081CD39A79FC64107B02C1084D9D2E
                                                                                                                  SHA-512:E1DA85B835E783B18F303664B5937D7FFB62999D9CF0FD074895D5BE832CAB09A2F693F4042A297B00220906D475767437686CA7A17A7AAA64AA8E923476A0AD
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\8a6bcd33-23b3-4d32-92fe-f457c6741446.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):161839
                                                                                                                  Entropy (8bit):6.082886695776939
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:hoGZLd5Eh1zO2iL6d8BRWCr5FcbXafIB0u1GOJmA3iuRb:6GZLda1SRm8B97aqfIlUOoSiuRb
                                                                                                                  MD5:BAC347D1844D5EBDFE186D7FA5FE6CCF
                                                                                                                  SHA1:CF8820AD6F10DA7488A04A86B692430D593873E1
                                                                                                                  SHA-256:A62129961D405C0D3F917E7C6AF97F4D96C58C5166AA58A8186B07BDC7B2D8AA
                                                                                                                  SHA-512:3403AE79CD9E838EECB48F6F143F86218835BEA38895DE542A7BDF6907BFAC5569A7494B480421850C9EEE18649C30A3B550FB70F886EB77603FAD65BEFAE8CA
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):120
                                                                                                                  Entropy (8bit):3.254162526001658
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0a0746cf-79f9-48e8-850c-85d1c69fc543.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1039
                                                                                                                  Entropy (8bit):5.56809058596298
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1dc32101-c6a1-4b16-a381-d31c3d13e51c.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4742
                                                                                                                  Entropy (8bit):4.942341037185066
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7ca19eba-49b4-4e98-bc83-58b44fa7be40.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):15428
                                                                                                                  Entropy (8bit):5.6005376535412825
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\81dbe153-204c-48f1-b25a-aae4010a7967.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4219
                                                                                                                  Entropy (8bit):4.871684703914691
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\89bdf7b4-7ecc-4f15-ba0b-51f8bcf2497a.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):4768
                                                                                                                  Entropy (8bit):4.947438024277687
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\943abf82-2992-4ec1-a198-354646cf2d7b.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:very short file (no magic)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1
                                                                                                                  Entropy (8bit):0.0
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):331
                                                                                                                  Entropy (8bit):5.213229092242208
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:27.149 bac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2020/11/18-21:01:27.158 bac Recovering log #3.2020/11/18-21:01:27.163 bac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):315
                                                                                                                  Entropy (8bit):5.137286895617519
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:27.101 bac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2020/11/18-21:01:27.104 bac Recovering log #3.2020/11/18-21:01:27.104 bac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8192
                                                                                                                  Entropy (8bit):1.3506026341463435
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8732
                                                                                                                  Entropy (8bit):1.3112356993549292
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1007
                                                                                                                  Entropy (8bit):3.3958092897491383
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:3olydJh67+cLEn8kIyT42A2nFkcWLy9q09h6L4sm2A2q7lJlh:34Sdd8B27nFvWLcqqILC27q7lJlh
                                                                                                                  MD5:FFC337AD3806CFC7847B77E42093E2A6
                                                                                                                  SHA1:95B63A631773CEFE60CF2B6373E3ABA031368B00
                                                                                                                  SHA-256:4353DD2BDAF4DFED0D831D8255BEB148DA0FD11E59A1D9C5821C67C9C89546F7
                                                                                                                  SHA-512:F0E6846A324B2B7D94028FDDE507B5A6F72D1360A5005B6E4AC15CAF47DC611FAA4565018AB969BD7E48AD633EA72FE138C139786C18E10B1CA0F331A9F36844
                                                                                                                  Malicious:false
                                                                                                                  Preview: SNSS....................................................!.............................................1..,.......$...b3c40085_689a_4856_8986_5f52594942ed......................,.............................5..0.......&...{524A03AB-861D-4591-9B4E-BDD69F9D425A}............................;...https://shbfinanceonline.com/shbfinanceonline/redirect.html.....................................................h.......`.........................................................q.n.....q.n... .......8...............................~...;...h.t.t.p.s.:././.s.h.b.f.i.n.a.n.c.e.o.n.l.i.n.e...c.o.m./.s.h.b.f.i.n.a.n.c.e.o.n.l.i.n.e./.r.e.d.i.r.e.c.t...h.t.m.l...................................8.......0.......8....................................................................... .......................................................;...https://shbfinanceonline.com/shbfinanceonline/redirect.html......l..../...................................................................................................
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8
                                                                                                                  Entropy (8bit):1.8112781244591325
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:3Dtn:3h
                                                                                                                  MD5:0686D6159557E1162D04C44240103333
                                                                                                                  SHA1:053E9DB58E20A67D1E158E407094359BF61D0639
                                                                                                                  SHA-256:3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
                                                                                                                  SHA-512:884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
                                                                                                                  Malicious:false
                                                                                                                  Preview: SNSS....
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):399
                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWW
                                                                                                                  MD5:A15AC2782BB6B4407D11979316F678FD
                                                                                                                  SHA1:B64EAF0810E180D99B83BBA8E366B2E3416C5881
                                                                                                                  SHA-256:55F8FA21C3F0D42C973AEDF538F1ADE32563AE4A1E7107C939AB82B4A4D7859A
                                                                                                                  SHA-512:370B43C7E434C6CC9328D266C1C9DB327621E2C95AD13D953C4D63457A141FBF2BE0B35072DE96BECC29048224D3646535A149229FC2BA367C7903D3E3E79BDB
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):320
                                                                                                                  Entropy (8bit):5.11326926014268
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qX/tFsAVq2PWXp+N23iKKdK8NIFUtwDqX/vAgZmwyDqX/vAIkwOWXp+N23iKKdF:4qVTVva5KkpFUtwDqAg/yDqAI5f5KkqJ
                                                                                                                  MD5:EAEFDCDB844F27C2BE16BCABB1A5DF35
                                                                                                                  SHA1:8134812B033166BF6845F236F69BA6CDAAC532AE
                                                                                                                  SHA-256:4B07CFB5903508E8E483A7E9AE606790A19E0AF4125DB068B7B38A30F8BEA509
                                                                                                                  SHA-512:D73B749783BF16379198DA215FA029F108D641E6F11B12F69F59AACFC205712127E63C6C6157A6A4C1A8792135949888EF07A0B2D77C5AD093235CEA657823EE
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:21.014 1244 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2020/11/18-21:01:21.015 1244 Recovering log #3.2020/11/18-21:01:21.015 1244 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):19
                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:FQxlX:qT
                                                                                                                  MD5:0407B455F23E3655661BA46A574CFCA4
                                                                                                                  SHA1:855CB7CC8EAC30458B4207614D046CB09EE3A591
                                                                                                                  SHA-256:AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
                                                                                                                  SHA-512:3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):369
                                                                                                                  Entropy (8bit):5.201360842645549
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qX/ZFkGjWM+q2PWXp+N23iKKdK25+Xqx8chI+IFUtwDqX/wvkEj1ZmwyDqX/wCo:4qTkGjL+va5KkTXfchI3FUtwDq4sm/yb
                                                                                                                  MD5:0B459A04B944D263D03E5A258D150ECD
                                                                                                                  SHA1:2357E883A39CB3541F136F230D3AE8B8D41CCD44
                                                                                                                  SHA-256:05F0D42F2B3678D640C3657ECF347813962667416DF712089E4F26D2545DBFDD
                                                                                                                  SHA-512:8409B832F76CDC9F739765EF4319991837783440353FA5A22B15EAB34C3BC95C8720B97A8BFE1260F96BC9BB91874B8C57F17849AC533E28D04D84617E69E030
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:27.074 bac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2020/11/18-21:01:27.080 bac Recovering log #3.2020/11/18-21:01:27.081 bac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):355
                                                                                                                  Entropy (8bit):5.19495900022083
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qX/8qWM+q2PWXp+N23iKKdK25+XuoIFUtwDqX/3xF3j1ZmwyDqX/kvjWMVkwOWZ:4q0qL+va5KkTXYFUtwDqfDZ/yDqoLV5Z
                                                                                                                  MD5:32157A2D67ABB635073C4DDC075560D1
                                                                                                                  SHA1:2976521A8C974171D9F8D984FD02B9189DEC5EA0
                                                                                                                  SHA-256:15CC06D02762B475D4C160593DC5CA614063812C17B8CCE9808D11DEAB43CEE2
                                                                                                                  SHA-512:262D1E7CCCE438FB44B5F277B0AB67D2C9BB941BEEF57AB995EF194AEB86339DB6CB14FF6641055BB6CF5C2827734BF73615BF5FE684B8DD51B6ADF50BB67125
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:27.049 bac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2020/11/18-21:01:27.050 bac Recovering log #3.2020/11/18-21:01:27.051 bac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):327
                                                                                                                  Entropy (8bit):5.178333556562382
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qX/8WM+q2PWXp+N23iKKdKWT5g1IdqIFUtwDqX/6vkS3j1ZmwyDqX/6vkS31WM7:4q0L+va5Kkg5gSRFUtwDq9m/yDq9+LVx
                                                                                                                  MD5:C7A1107EAEC98D6D64158FB9F299819F
                                                                                                                  SHA1:50FA69C3F81D223707BA5A41F51A0C28E98DEF1A
                                                                                                                  SHA-256:268FC2229D71DE6A581F77EEDD922870CACCC6143D7DD5C83F442ED3778E161A
                                                                                                                  SHA-512:18D67D400313D03B653B02812C3816E2509B609BCCE4BD36C201C4C99B9D11B275B08E4886BCD6ADAD5EC63AE4FB752980DEEFCBD09DF81509213B584229E5E4
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:27.019 bac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2020/11/18-21:01:27.020 bac Recovering log #3.2020/11/18-21:01:27.020 bac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8720
                                                                                                                  Entropy (8bit):0.3276134663137276
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:cQ4/fMt76Y4QZVRtRex99pG/CqR4EZY4QZv8fOzE:f4nMWQA9LuBQZ8fOQ
                                                                                                                  MD5:299404CDA67CF677393D37480AD10BD0
                                                                                                                  SHA1:DFCF32B08EBCCA0439C2711D2BA0CF8BCD4E2258
                                                                                                                  SHA-256:14A3093D20D154B8CAEA3213B8913A6C879F6A7EAAF581867AA514F847EE1B2C
                                                                                                                  SHA-512:3A09E4E1262353747C48115857B21294D893D2B0D13E5CE391CB1785430AB4D37EBBAF477ADE48CE0CEF0D62C04C35EF9AC971E7D29BA341A90B981585A2F72A
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):329
                                                                                                                  Entropy (8bit):5.187952425057191
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qXtQWM+q2PWXp+N23iKKdK8a2jMGIFUtwDqXWEpG1ZmwyDqXwQWMVkwOWXp+N2s:4qW+va5Kk8EFUtwDqGd1/yDqdV5f5Kkw
                                                                                                                  MD5:000A3A4A4888CD4FC1CD4F61E99169B8
                                                                                                                  SHA1:4880F3322EADBC7C2E368AF5ECF49F84D19D054F
                                                                                                                  SHA-256:81A5FC99A9E54719A8FB2279949ED61D3CBAEA5B55CDAF4B7F28486C799E7968
                                                                                                                  SHA-512:19690D3CCBD7EE50B0FEC6AC4EE119D12CC7EE99851DB2009C55BCAC69BEC1DC4AD94E85EB1DDDF218B173C114542CDE936B3E386338D315B0FA44385326EC7C
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:16.937 9ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2020/11/18-21:01:16.942 9ac Recovering log #3.2020/11/18-21:01:16.945 9ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):334
                                                                                                                  Entropy (8bit):5.1784271365282715
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qXgQL+q2PWXp+N23iKKdKgXz4rRIFUtwDqXhGKWZmwyDqXhQLVkwOWXp+N23iKj:4qQQ+va5KkgXiuFUtwDqRGKW/yDqRQV/
                                                                                                                  MD5:CB12610E9A9140AF63F281FA32819C71
                                                                                                                  SHA1:8452DC2EF06D386CF329939D778C465F29DF546C
                                                                                                                  SHA-256:395CDB8940C7A3C23C155CDF77E29BC793C40B032A470D1A00EB23361831CBA3
                                                                                                                  SHA-512:4BDFB5D90C87037149D4C59CD612E606627C517560F0AF3D0929CDE18CDCEACEC7D983B894952C93A03E7A8EA36C69BB7CABDA9867C506E42B99E29729FEB594
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:17.602 15ec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2020/11/18-21:01:17.603 15ec Recovering log #3.2020/11/18-21:01:17.603 15ec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):76
                                                                                                                  Entropy (8bit):1.9837406708828553
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:5ljljljl:5ljljljl
                                                                                                                  MD5:E24AD8AA6B0DA8DFE987E3E54D52EC5D
                                                                                                                  SHA1:485CABA03E0DB2443EF0221755ABD8FC9F0C509F
                                                                                                                  SHA-256:7364E1A8D99A13C068521140E6D174EB583901D28962BFFFB4BEF49BE6C38298
                                                                                                                  SHA-512:A5624B12CFF5910552A66CA57C2D62CE587A02941CE66EF4BD38FB74BE912B078095A6489F9A93AA36058A431B9536C859F323CD505BBD568198664C71A3E138
                                                                                                                  Malicious:false
                                                                                                                  Preview: ..&f.................&f.................&f.................&f...............
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):320
                                                                                                                  Entropy (8bit):5.147756358017448
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qXAuQL+q2PWXp+N23iKKdKrQMxIFUtwDqX4GKWZmwyDqX4QLVkwOWXp+N23iKKS:4qwuQ+va5KkCFUtwDqoGKW/yDqoQV5fj
                                                                                                                  MD5:7D765DF041B0FC2532A588208CCC411A
                                                                                                                  SHA1:94307153A19AE4B68C3701ABECB1578270F0610B
                                                                                                                  SHA-256:8C6CF9BB7DEDB4F7EAD2E98C36A9DAC2CAAE459F2227E5075F2649A0DE7610F3
                                                                                                                  SHA-512:073BF1AA2C14AC1FE5DD70BAC7FAA9D72B6B5804B349A37B175DCB2CE7B3BA44ED7C079F085476A6F0F4CC2EF1E4D9F3D4748B1FC47C4D5FE713BC66A019A27C
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:17.443 15ec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2020/11/18-21:01:17.444 15ec Recovering log #3.2020/11/18-21:01:17.444 15ec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):348
                                                                                                                  Entropy (8bit):5.145294490413617
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qXiuyv34q2PWXp+N23iKKdK7Uh2ghZIFUtwDqXIL3JZmwyDqXEuyVNDkwOWXp+/:4qyLIva5KkIhHh2FUtwDqAZ/yDqlyVFK
                                                                                                                  MD5:10512051905AB458AD7C21C89D95789F
                                                                                                                  SHA1:A3D77DD6BC7C5615FD6127B08590D65112484449
                                                                                                                  SHA-256:D0AADB5692A2F0FF756B1095FBFC4DCF00877DB81E02BBFA199E8266F4000A7F
                                                                                                                  SHA-512:14A62919F9FE9CBCD15F1EDA43BCDC2ECF910E1B3FAC89E363CB1B4AD9FE835293CCC390C193EB64DA38544E7594D448AA8F02A99B6E0330873E2F2FF5EAB7CC
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:16.824 17d0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2020/11/18-21:01:16.844 17d0 Recovering log #3.2020/11/18-21:01:16.848 17d0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):296
                                                                                                                  Entropy (8bit):0.19535324365485862
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:8E:8
                                                                                                                  MD5:C4DF0FB10C4332150B2C336396CE1B66
                                                                                                                  SHA1:780A76E101DE3DE2E68D23E64AB1A44D47A73207
                                                                                                                  SHA-256:18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
                                                                                                                  SHA-512:51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
                                                                                                                  Malicious:false
                                                                                                                  Preview: .'..(...................................................................................................................................................................................................................................................................................................
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):430
                                                                                                                  Entropy (8bit):5.187794871361031
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:4qGuQ+va5KkFFUtwDqYGKW/yDqYQV5f5KkOJ:4zu5a5KkfgW7GKTD7Sf5KkK
                                                                                                                  MD5:8AAD7D4B197D7411A8BD655BBEB298EA
                                                                                                                  SHA1:49F75A39DD043C4ED66D8628F0253E8BC9CF7E68
                                                                                                                  SHA-256:14ECA2C05C748B8C6A3A60BE70AFDABF830A9439F41BAC23044540F22A690686
                                                                                                                  SHA-512:256E8781554AB753D9CFA5D7433E64BF9D030B2A8B5A8524823B82D8E861753A1B450CE9390C563B125150CC73B4094A2FA592035CAAF1EF3B029A6218376F67
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:17.500 15ec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2020/11/18-21:01:17.501 15ec Recovering log #3.2020/11/18-21:01:17.501 15ec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):432
                                                                                                                  Entropy (8bit):5.296999436548437
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:4q0hVva5KkmiuFUtwDqXg/yDqSTI5f5Kkm2J:4Vh5a5KkSgWc9DZTSf5Kkr
                                                                                                                  MD5:C1228707741B0F0FD86B3603B0FCA3B7
                                                                                                                  SHA1:C6FF5AD152995BE27DA05333A18E5FA2D216372D
                                                                                                                  SHA-256:388C407D282610285539C389F96FFA465121EF5C8FA6FD9D65D7EE044381A0A6
                                                                                                                  SHA-512:3EC5065F4D0A59552ECA80198CAC5C8E7EE76DAEF1965CF67A6D0BBC21041AD356E8A1C743418A4DE9257C5E8ED519CF797F11DDB058636E5F7F8F28EAC55FE1
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:17.597 1244 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2020/11/18-21:01:17.598 1244 Recovering log #3.2020/11/18-21:01:17.599 1244 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):19
                                                                                                                  Entropy (8bit):1.9837406708828553
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:5l:5l
                                                                                                                  MD5:E556F26DF3E95C19DBAECA8F5DF0C341
                                                                                                                  SHA1:247A89F0557FC3666B5173833DB198B188F3AA2E
                                                                                                                  SHA-256:B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
                                                                                                                  SHA-512:055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
                                                                                                                  Malicious:false
                                                                                                                  Preview: ..&f...............
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):418
                                                                                                                  Entropy (8bit):5.248113491370246
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qXTQNAVq2PWXp+N23iKKdKusNpZQMxIFUtwDqXTDAgZmwyDqXTVAIkwOWXp+N2R:4q5Vva5KkMFUtwDqAg/yDqOI5f5KkTJ
                                                                                                                  MD5:3DD7A6230CC8BD589138D75BFA476061
                                                                                                                  SHA1:1889A52E7F6D3BEFDE02B9E9EC6B3EFB1C88D077
                                                                                                                  SHA-256:B7F7ACCD1D7F8D7581A68D6B6F515FC2A035CF256BC0A9A7A1E246466F5FA502
                                                                                                                  SHA-512:26EA415BA65F82677D67B3C82D4F46556C6B0419B994EAE5DD79BC72D4EF1C6CEA9C47B2E974587B48C5175A6D5B0FF0F9FF87CF4CC09C0F61A16AD1B5994726
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:35.048 1244 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2020/11/18-21:01:35.049 1244 Recovering log #3.2020/11/18-21:01:35.050 1244 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\ba6be382-ac6f-4a96-b167-1d78d8d5f8c2.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):420
                                                                                                                  Entropy (8bit):4.985305467053914
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
                                                                                                                  MD5:C401B619D9D8E0ADABC25A47EE49CFBA
                                                                                                                  SHA1:C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
                                                                                                                  SHA-256:8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
                                                                                                                  SHA-512:BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
                                                                                                                  Malicious:false
                                                                                                                  Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):38
                                                                                                                  Entropy (8bit):1.9837406708828553
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:sgGg:st
                                                                                                                  MD5:45A8ECA4E5C4A6B1395080C1B728B6C9
                                                                                                                  SHA1:8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E
                                                                                                                  SHA-256:DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
                                                                                                                  SHA-512:8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF2124
                                                                                                                  Malicious:false
                                                                                                                  Preview: ..F..................F................
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):324
                                                                                                                  Entropy (8bit):5.208396462911511
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qX9RIq2PWXp+N23iKKdKpIFUtwDqXqZmwyDqXQ/zkwOWXp+N23iKKdKa/WLJ:4q/Iva5KkmFUtwDq6/yDqA/z5f5KkaUJ
                                                                                                                  MD5:0D7DDD9E3220ADDB7A4FDDFC695952E5
                                                                                                                  SHA1:DD0D47CEA8F9CDC0BCD781074D81936E65BA8280
                                                                                                                  SHA-256:7992333EE9F18764D95023ED04A384DE4F2F159F2FBCEE9BBCD56385B978A7A4
                                                                                                                  SHA-512:1B65CB7CC07125FC9A07A8F961AA4018EECB9802DD7617FC3E10CC93B2A9F8AE25D2557A4E584673A2E36CB1ACF5AAD9DD5E9B1858A12D0F1A934098762FB063
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:16.843 1520 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2020/11/18-21:01:16.855 1520 Recovering log #3.2020/11/18-21:01:16.873 1520 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c15ae90d-79de-439a-bd2d-a7041380172c.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):1835
                                                                                                                  Entropy (8bit):4.890989812978164
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:Y2TntwCXGDH3qyvz5sqTsPRLsVDrosAMHcYhbD:JTnOCXGDHa+ztWQrQGNhH
                                                                                                                  MD5:6E01172FDBBFAB636ED8B173BE1F98B5
                                                                                                                  SHA1:E42B77F319CAED1907BB824750B0CB32D39BE12D
                                                                                                                  SHA-256:9F8D32824C17D5C2A0713FFAE326BD9955946E8B30E38CC329B7C7535DD44DD5
                                                                                                                  SHA-512:A7A029C5A4F46A7E066DD9A624EBCF8C634882B8829CF0D58A283D7A9B62588D0D096CC1DCEE2384F013BB4D172BB74F5D28E1377D562A4481C4BD1CD2153212
                                                                                                                  Malicious:false
                                                                                                                  Preview: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13252827681362500","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_se
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):16
                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:1sjgWIV//Rv:1qIFJ
                                                                                                                  MD5:6752A1D65B201C13B62EA44016EB221F
                                                                                                                  SHA1:58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
                                                                                                                  SHA-256:0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
                                                                                                                  SHA-512:9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
                                                                                                                  Malicious:false
                                                                                                                  Preview: MANIFEST-000004.
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):139
                                                                                                                  Entropy (8bit):4.393079411467409
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:tVPwqX/wnuUcKTyZmwvKDqX/zVXkO7V8nDqX/zVXkO7WGv:4qX/51ZmwyDqX/zRl7VSDqX/zRl7tv
                                                                                                                  MD5:7C70EC4C292E108487D37D29DFC9B47A
                                                                                                                  SHA1:9FDBF0A5F6C00C429AA7E16CEBF6D7B2057C66D7
                                                                                                                  SHA-256:C57B9EC78B53D59387C2AABB58CCDB99A247A9ED01AB39BA40653006DA989731
                                                                                                                  SHA-512:4645BDD93697255C88967864605347FD7624E640A19D746EE3B733C37F87592BBF2CCB7F330FDF8AFA53E6AB81B9E191B14D7314347635EBBA1DE2576724B927
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:26.571 1174 Recovering log #3.2020/11/18-21:01:26.605 1174 Delete type=0 #3.2020/11/18-21:01:26.605 1174 Delete type=3 #2.
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:MPEG-4 LOAS
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):50
                                                                                                                  Entropy (8bit):5.028758439731456
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Ukk/vxQRDKIVmt+8jzn:oO7t8n
                                                                                                                  MD5:031D6D1E28FE41A9BDCBD8A21DA92DF1
                                                                                                                  SHA1:38CEE81CB035A60A23D6E045E5D72116F2A58683
                                                                                                                  SHA-256:B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
                                                                                                                  SHA-512:E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF904
                                                                                                                  Malicious:false
                                                                                                                  Preview: V........leveldb.BytewiseComparator...#...........
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f03f3c5e-61b7-4065-9546-0e3c76e2f3d8.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):15427
                                                                                                                  Entropy (8bit):5.600897665652129
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:mKtvLlb1Xn1kXqKf/pUZNCgVLH2HfDTrUB+e54P:7Lltn1kXqKf/pUZNCgVLH2HfnrUoe5w
                                                                                                                  MD5:CAA65FC18746C7D6CF3242958DA41E38
                                                                                                                  SHA1:0460C96D1477CBB389A956CD130FF2E248C48CD9
                                                                                                                  SHA-256:5186ED02A54AC40D8BCDDA42DCB92169C1950F3EA7BB8EC15E3B97809258C4B6
                                                                                                                  SHA-512:304F691A627CF04DE7437C9A24692DF81F5B4CE12CDFE4D724646F351A0CD5DA5E73F95F1460496DFDBF8EA7EAC7538375B8A1EEA416A7897BF8F61EE76227A1
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):338
                                                                                                                  Entropy (8bit):5.173451318480128
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4qX/sWQL+q2PWXp+N23iKKdKfrzAdIFUtwDqX/YGKWZmwyDqX/3QLVkwOWXp+N22:4qEWQ+va5Kk9FUtwDqQGKW/yDqfQV5f2
                                                                                                                  MD5:E946F9EFA720158FB6DF7C15ACFF16F3
                                                                                                                  SHA1:E9263092C53429E11B1FE54E1364D32ADACA00E7
                                                                                                                  SHA-256:25631C3D7AC4998D6C2E5D7E2429C0991BCF334CE4AE1B5C0A4C260D7100B68A
                                                                                                                  SHA-512:69F5304B0A7C114FE5D8317589F5171E84AB0A091A7EADA8ED346C68F7F740734C1765E2FD46C03C669EFD86FFEF6392A0849AE9896360CF9407E135D4E4782A
                                                                                                                  Malicious:false
                                                                                                                  Preview: 2020/11/18-21:01:27.185 15ec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2020/11/18-21:01:27.197 15ec Recovering log #3.2020/11/18-21:01:27.198 15ec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):106
                                                                                                                  Entropy (8bit):3.138546519832722
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
                                                                                                                  MD5:DE9EF0C5BCC012A3A1131988DEE272D8
                                                                                                                  SHA1:FA9CCBDC969AC9E1474FCE773234B28D50951CD8
                                                                                                                  SHA-256:3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
                                                                                                                  SHA-512:CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
                                                                                                                  Malicious:false
                                                                                                                  Preview: C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):13
                                                                                                                  Entropy (8bit):2.8150724101159437
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Yx7:4
                                                                                                                  MD5:C422F72BA41F662A919ED0B70E5C3289
                                                                                                                  SHA1:AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
                                                                                                                  SHA-256:02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
                                                                                                                  SHA-512:86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
                                                                                                                  Malicious:false
                                                                                                                  Preview: 85.0.4183.121
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\b005fb2b-e223-4c8c-b8c9-0d648a78e4f7.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):161839
                                                                                                                  Entropy (8bit):6.0828877857821055
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:48GZLd5Eh1zO2iL6d8BRWCr5FcbXafIB0u1GOJmA3iuRb:zGZLda1SRm8B97aqfIlUOoSiuRb
                                                                                                                  MD5:6B6EF68D0AA87244FAC4601615D13A9D
                                                                                                                  SHA1:C7C184ABD4904F2E029C9B948824C1F6A6D2EB7B
                                                                                                                  SHA-256:F936220FAFE1C48B20BD85613DD887C5CB04BDFB6A9620855930A179BAEFFCB6
                                                                                                                  SHA-512:9F5D156872C73781FC8DDA8C6A42E77813BA50F79FAB11D20580F1A15D609C956FDDE4B0B24C354BBDECC9EAA424BA1C83D3DA9AF5758AEBC48D74A1B61BAE94
                                                                                                                  Malicious:false
                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\eeebe8c7-8de4-41a4-8bb8-766aa7ea86b5.tmp
                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):161839
                                                                                                                  Entropy (8bit):6.082886695776939
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:hoGZLd5Eh1zO2iL6d8BRWCr5FcbXafIB0u1GOJmA3iuRb:6GZLda1SRm8B97aqfIlUOoSiuRb
                                                                                                                  MD5:BAC347D1844D5EBDFE186D7FA5FE6CCF
                                                                                                                  SHA1:CF8820AD6F10DA7488A04A86B692430D593873E1
                                                                                                                  SHA-256:A62129961D405C0D3F917E7C6AF97F4D96C58C5166AA58A8186B07BDC7B2D8AA
                                                                                                                  SHA-512:3403AE79CD9E838EECB48F6F143F86218835BEA38895DE542A7BDF6907BFAC5569A7494B480421850C9EEE18649C30A3B550FB70F886EB77603FAD65BEFAE8CA
                                                                                                                  Malicious:false

                                                                                                                  Static File Info

                                                                                                                  General

                                                                                                                  File type:PDF document, version 1.5
                                                                                                                  Entropy (8bit):7.989016659856477
                                                                                                                  TrID:
                                                                                                                  • Adobe Portable Document Format (5005/1) 100.00%
                                                                                                                  File name:Minerva Bunkering (covid-19 stimulus funds).pdf
                                                                                                                  File size:220514
                                                                                                                  MD5:ec8cab28ade934e04d75978b41f4add2
                                                                                                                  SHA1:a1acf24bf7d8e9a886d56b51fa0e0d968daea89a
                                                                                                                  SHA256:47093fca6e0c5522f65da88af807e8706af9eba01c84ec29d108af469fe65eb9
                                                                                                                  SHA512:79fdc37be23f456ad919166c527ada540f0b8dffaabc5d17d8422329dea2f226c243a145a2ac7ba23a8884b2351cf904a79bd6deaed1903bf97e7fa75716dcba
                                                                                                                  SSDEEP:6144:5FHl7EGbr9K4Wb0T9sVGP73r0lMpuiUIo94O2max8VLfXDb:5FHtEG1rWb0KsT3r0uQBP94O2H8hf/
                                                                                                                  File Content Preview:%PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) >>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 8 0 R/F3 10 0 R/F4 12 0 R/F5 14 0 R/F6 16 0 R/F7 18 0 R

                                                                                                                  File Icon

                                                                                                                  Icon Hash:74ecccdcd4ccccf0

                                                                                                                  Static PDF Info

                                                                                                                  General

                                                                                                                  Header:%PDF-1.5
                                                                                                                  Total Entropy:7.989017
                                                                                                                  Total Bytes:220514
                                                                                                                  Stream Entropy:7.995102
                                                                                                                  Stream Bytes:213045
                                                                                                                  Entropy outside Streams:5.131937
                                                                                                                  Bytes outside Streams:7469
                                                                                                                  Number of EOF found:2
                                                                                                                  Bytes after EOF:

                                                                                                                  Keywords Statistics

Name            Count
obj             36
endobj          36
stream          9
endstream       9
xref            2
trailer         2
startxref       2
/Page           1
/Encrypt        0
/ObjStm         0
/URI            2
/JS             0
/JavaScript     0
/AA             0
/OpenAction     0
/AcroForm       0
/JBIG2Decode    0
/RichMedia      0
/Launch         0
/EmbeddedFile   0

                                                                                                                  Network Behavior

                                                                                                                  Network Port Distribution

                                                                                                                  UDP Packets

Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                  Nov 18, 2020 21:00:23.644207954 CET53588238.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:27.006567955 CET5756853192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:27.011214018 CET5054053192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:27.043893099 CET53575688.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:27.048325062 CET53505408.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:28.010240078 CET5054053192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:28.014267921 CET5756853192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:28.047472000 CET53505408.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:28.051318884 CET53575688.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:29.011066914 CET5054053192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:29.011120081 CET5756853192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:29.046988010 CET53575688.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:29.051810026 CET53505408.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:31.058792114 CET5756853192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:31.058846951 CET5054053192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:31.086169958 CET53505408.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:31.094424963 CET53575688.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:35.059348106 CET5054053192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:35.059389114 CET5756853192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:35.094906092 CET53575688.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:35.094949961 CET53505408.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:38.572387934 CET5436653192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:38.599649906 CET53543668.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:39.660273075 CET5303453192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:39.699672937 CET53530348.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:55.382818937 CET5776253192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:55.418574095 CET53577628.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:00:55.588862896 CET5543553192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:00:55.616099119 CET53554358.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:05.455526114 CET5071353192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:05.562871933 CET53507138.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:13.769443989 CET5613253192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:13.796684980 CET53561328.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:21.255259991 CET6129253192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:21.291004896 CET53612928.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:21.301196098 CET6361953192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:21.304677010 CET6493853192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:21.306798935 CET6194653192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:21.323499918 CET6491053192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:21.349647999 CET53636198.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:21.362562895 CET53649388.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:21.368479967 CET53619468.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:21.372395039 CET53649108.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:21.456197023 CET6491153192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:21.457479000 CET6491253192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:21.499896049 CET53649118.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:21.500936031 CET53649128.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:21.666455984 CET5212353192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:21.709613085 CET53521238.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:21.732819080 CET5613053192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:21.805876017 CET53561308.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:22.584220886 CET5633853192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:22.621191978 CET53563388.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:26.849455118 CET6293853192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:26.934132099 CET53629388.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:26.939691067 CET6293953192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:26.940022945 CET6294053192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:26.975539923 CET53629398.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:26.975565910 CET53629408.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:48.033447981 CET5535953192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:48.060581923 CET53553598.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:49.665353060 CET5830653192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:49.708606958 CET53583068.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:56.988740921 CET6412453192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:57.067599058 CET53641248.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:57.073005915 CET6412553192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:57.073458910 CET6412653192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:01:57.108588934 CET53641258.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:01:57.108700037 CET53641268.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:17.850666046 CET4936153192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:17.894857883 CET53493618.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:18.142898083 CET5327953192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:18.179037094 CET53532798.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:18.231389046 CET5688153192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:18.279881001 CET53568818.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:18.376983881 CET5364253192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:18.412564993 CET53536428.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:20.227580070 CET5566753192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:20.271415949 CET53556678.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:56.465622902 CET5483353192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:56.501095057 CET53548338.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:56.949942112 CET6247653192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:56.989939928 CET53624768.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:57.107902050 CET4970553192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:57.194175959 CET53497058.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:57.199336052 CET6147853192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:57.199683905 CET6147953192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:57.235086918 CET53614788.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:57.248258114 CET53614798.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:57.415152073 CET6163353192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:57.456078053 CET53616338.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:57.754303932 CET5594953192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:57.789836884 CET53559498.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:58.226658106 CET5760153192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:58.267349005 CET53576018.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:58.853107929 CET4934253192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:58.880363941 CET53493428.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:02:59.468698025 CET5625353192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:02:59.504331112 CET53562538.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:03:00.250904083 CET4966753192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:03:00.286611080 CET53496678.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:03:01.135520935 CET5543953192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:03:01.171385050 CET53554398.8.8.8192.168.2.3
                                                                                                                  Nov 18, 2020 21:03:01.532572031 CET5706953192.168.2.38.8.8.8
                                                                                                                  Nov 18, 2020 21:03:01.568276882 CET53570698.8.8.8192.168.2.3

                                                                                                                  DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Nov 18, 2020 21:01:05.455526114 CET | 192.168.2.3 | 8.8.8.8 | 0x5b6a | Standard query (0) | shbfinanceonline.com | A (IP address) | IN (0x0001)
Nov 18, 2020 21:01:21.306798935 CET | 192.168.2.3 | 8.8.8.8 | 0x789a | Standard query (0) | shbfinanceonline.com | A (IP address) | IN (0x0001)
Nov 18, 2020 21:01:21.732819080 CET | 192.168.2.3 | 8.8.8.8 | 0xecc9 | Standard query (0) | shbfinanceonline.com | A (IP address) | IN (0x0001)
Nov 18, 2020 21:01:26.849455118 CET | 192.168.2.3 | 8.8.8.8 | 0x8d79 | Standard query (0) | shbfinanceonline.com | A (IP address) | IN (0x0001)
Nov 18, 2020 21:01:56.988740921 CET | 192.168.2.3 | 8.8.8.8 | 0x2e11 | Standard query (0) | shbfinanceonline.com | A (IP address) | IN (0x0001)
Nov 18, 2020 21:02:57.107902050 CET | 192.168.2.3 | 8.8.8.8 | 0x13fa | Standard query (0) | shbfinanceonline.com | A (IP address) | IN (0x0001)

                                                                                                                  DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Nov 18, 2020 21:01:05.562871933 CET | 8.8.8.8 | 192.168.2.3 | 0x5b6a | Server failure (2) | shbfinanceonline.com | none | none | A (IP address) | IN (0x0001)
Nov 18, 2020 21:01:21.368479967 CET | 8.8.8.8 | 192.168.2.3 | 0x789a | Server failure (2) | shbfinanceonline.com | none | none | A (IP address) | IN (0x0001)
Nov 18, 2020 21:01:21.805876017 CET | 8.8.8.8 | 192.168.2.3 | 0xecc9 | Server failure (2) | shbfinanceonline.com | none | none | A (IP address) | IN (0x0001)
Nov 18, 2020 21:01:26.934132099 CET | 8.8.8.8 | 192.168.2.3 | 0x8d79 | Server failure (2) | shbfinanceonline.com | none | none | A (IP address) | IN (0x0001)
Nov 18, 2020 21:01:57.067599058 CET | 8.8.8.8 | 192.168.2.3 | 0x2e11 | Server failure (2) | shbfinanceonline.com | none | none | A (IP address) | IN (0x0001)
Nov 18, 2020 21:02:57.194175959 CET | 8.8.8.8 | 192.168.2.3 | 0x13fa | Server failure (2) | shbfinanceonline.com | none | none | A (IP address) | IN (0x0001)

                                                                                                                  Code Manipulations

                                                                                                                  Statistics

                                                                                                                  Behavior

                                                                                                                  System Behavior

                                                                                                                  General

                                                                                                                  Start time:21:00:10
                                                                                                                  Start date:18/11/2020
                                                                                                                  Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Minerva Bunkering (covid-19 stimulus funds).pdf'
                                                                                                                  Imagebase:0xcf0000
                                                                                                                  File size:2571312 bytes
                                                                                                                  MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Start time:21:00:11
                                                                                                                  Start date:18/11/2020
                                                                                                                  Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Minerva Bunkering (covid-19 stimulus funds).pdf'
                                                                                                                  Imagebase:0xcf0000
                                                                                                                  File size:2571312 bytes
                                                                                                                  MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Start time:21:00:17
                                                                                                                  Start date:18/11/2020
                                                                                                                  Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
                                                                                                                  Imagebase:0x50000
                                                                                                                  File size:9475120 bytes
                                                                                                                  MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Start time:21:00:19
                                                                                                                  Start date:18/11/2020
                                                                                                                  Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15373597887766909572 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15373597887766909572 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
                                                                                                                  Imagebase:0x50000
                                                                                                                  File size:9475120 bytes
                                                                                                                  MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Start time:21:00:21
                                                                                                                  Start date:18/11/2020
                                                                                                                  Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=14791092664178826494 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
                                                                                                                  Imagebase:0x50000
                                                                                                                  File size:9475120 bytes
                                                                                                                  MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Start time:21:00:23
                                                                                                                  Start date:18/11/2020
                                                                                                                  Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8492071965490764970 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8492071965490764970 --renderer-client-id=4 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
                                                                                                                  Imagebase:0x50000
                                                                                                                  File size:9475120 bytes
                                                                                                                  MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Start time:21:00:25
                                                                                                                  Start date:18/11/2020
                                                                                                                  Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14373895592216979608 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14373895592216979608 --renderer-client-id=5 --mojo-platform-channel-handle=1868 --allow-no-sandbox-job /prefetch:1
                                                                                                                  Imagebase:0x50000
                                                                                                                  File size:9475120 bytes
                                                                                                                  MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Start time:21:00:32
                                                                                                                  Start date:18/11/2020
                                                                                                                  Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1736,10687347341214644166,14685399907552453397,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9425941586031478083 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9425941586031478083 --renderer-client-id=6 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job /prefetch:1
                                                                                                                  Imagebase:0x50000
                                                                                                                  File size:9475120 bytes
                                                                                                                  MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Start time:21:01:15
                                                                                                                  Start date:18/11/2020
                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' -- 'https://shbfinanceonline.com/shbfinanceonline/redirect.html'
                                                                                                                  Imagebase:0x7ff77b960000
                                                                                                                  File size:2150896 bytes
                                                                                                                  MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Start time:21:01:18
                                                                                                                  Start date:18/11/2020
                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,4823254970071819640,4137079253599972124,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1724 /prefetch:8
                                                                                                                  Imagebase:0x7ff77b960000
                                                                                                                  File size:2150896 bytes
                                                                                                                  MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  Disassembly

                                                                                                                  Code Analysis
