Analysis Report COVID19_MentalHealth.pdf

Overview

General Information

Sample Name: COVID19_MentalHealth.pdf
Analysis ID: 330920
MD5: 0eddf4e2ea8f23fa34620d15074da24c
SHA1: 3ffeeb5bde4d87299e3175917b6e8d7889ea0913
SHA256: bc3cd005701b168d87ee8146c5a1fc995936985cb0da7992ad356f02c21e60af

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
IP address seen in connection with other malware
PDF has an OpenAction (likely to launch a dropper script)
Potential document exploit detected (performs DNS queries)
Unable to load, pdf file is invalid

Startup

  • System is w10x64
  • AcroRd32.exe (PID: 4952 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\COVID19_MentalHealth.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • AcroRd32.exe (PID: 5708 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\COVID19_MentalHealth.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • RdrCEF.exe (PID: 5240 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6212 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1680,17373696576901166901,1642707621424303814,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8824394977426197921 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8824394977426197921 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6244 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1680,17373696576901166901,1642707621424303814,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=18010116590796279063 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6320 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1680,17373696576901166901,1642707621424303814,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6134182799145032745 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6134182799145032745 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6496 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1680,17373696576901166901,1642707621424303814,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9513205951343530347 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9513205951343530347 --renderer-client-id=5 --mojo-platform-channel-handle=2196 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: COVID19_MentalHealth.pdf; Virustotal: Detection: 11%
Machine Learning detection for sample
Source: COVID19_MentalHealth.pdf; Joe Sandbox ML: detected
Source: global traffic; DNS query: name: kb4.io
Source: Joe Sandbox View; IP Address: 80.0.0.0 80.0.0.0
Source: unknown; DNS traffic detected: queries for: kb4.io
Source: AcroRd32.exe, 00000001.00000002.415716119.000000000CAE5000.00000004.00000001.sdmp; String found in binary or memory: https://online-banking.kb4.io
Source: AcroRd32.exe, 00000001.00000003.214261056.000000000A162000.00000004.00000001.sdmp, COVID19_MentalHealth.pdf; String found in binary or memory: https://online-banking.kb4.io/XYWNe0aW9uPWnNsaWNrJnqVybD1omtdHRwvczovL3NlcY3cVyZWQtbG9naW4ubmV0eL3Bh
Source: AcroRd32.exe, 00000001.00000002.415350642.000000000C9F6000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000002.416240390.000000000CBF9000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000002.415213082.000000000C957000.00000004.00000001.sdmp, COVID19_MentalHealth.pdf; String found in binary or memory: https://online-banking.kb4.io/XYWNg0aW9uPWgF0dGFjaGc1lbnQmjucmVjxaXBpZW50mX2nlkPTc0MzQ1MDUyMSZjpYW1w
Source: AcroRd32.exe, 00000001.00000002.414848696.000000000C6DB000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000003.214261056.000000000A162000.00000004.00000001.sdmp, COVID19_MentalHealth.pdf; String found in binary or memory: https://online-banking.kb4.io/XYWNr0aW9uPWjNsaWNrJnaVybD1ooidHRwoczovL3NlsY3oVyZWQtbG9naW4ubmV0hL3Bh
Source: AcroRd32.exe, 00000001.00000003.214261056.000000000A162000.00000004.00000001.sdmp, COVID19_MentalHealth.pdf; String found in binary or memory: https://online-banking.kb4.io/XYWNt0aW9uPWqNsaWNrJnyVybD1ofhdHRwwczovL3NliY3yVyZWQtbG9naW4ubmV0qL3Bh
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; Window title found: acrobat reader an error occurred during the submit process. the server could not be located.ok
Source: classification engine; Classification label: mal52.winPDF@13/46@2/2
Source: COVID19_MentalHealth.pdf; Initial sample: https://online-banking.kb4.io/XYWNt0aW9uPWqNsaWNrJnyVybD1ofhdHRwwczovL3NliY3yVyZWQtbG9naW4ubmV0qL3BhZ2VzL2M4MTdkNjlmNjY0NSZyZWNpcGllbnRfaWQ9NzQzNDUwNTIxJmNhbXBhaWduX3J1bl9pZD0zOTgxNDEy
Source: COVID19_MentalHealth.pdf; Initial sample: https://online-banking.kb4.io/xywnr0aw9upwjnsawnrjnavybd1ooidhrwoczovl3nlsy3ovyzwqtbg9naw4ubmv0hl3bhz2vzl2m4mtdknjlmnjy0nszyzwnpcgllbnrfawq9nzqznduwntixjmnhbxbhawdux3j1bl9pzd0zotgxndey
Source: COVID19_MentalHealth.pdf; Initial sample: https://online-banking.kb4.io/XYWNr0aW9uPWjNsaWNrJnaVybD1ooidHRwoczovL3NlsY3oVyZWQtbG9naW4ubmV0hL3BhZ2VzL2M4MTdkNjlmNjY0NSZyZWNpcGllbnRfaWQ9NzQzNDUwNTIxJmNhbXBhaWduX3J1bl9pZD0zOTgxNDEy
Source: COVID19_MentalHealth.pdf; Initial sample: https://online-banking.kb4.io/XYWNe0aW9uPWnNsaWNrJnqVybD1omtdHRwvczovL3NlcY3cVyZWQtbG9naW4ubmV0eL3BhZ2VzL2M4MTdkNjlmNjY0NSZyZWNpcGllbnRfaWQ9NzQzNDUwNTIxJmNhbXBhaWduX3J1bl9pZD0zOTgxNDEy
Source: COVID19_MentalHealth.pdf; Initial sample: https://online-banking.kb4.io/xywnt0aw9upwqnsawnrjnyvybd1ofhdhrwwczovl3nliy3yvyzwqtbg9naw4ubmv0ql3bhz2vzl2m4mtdknjlmnjy0nszyzwnpcgllbnrfawq9nzqznduwntixjmnhbxbhawdux3j1bl9pzd0zotgxndey
Source: COVID19_MentalHealth.pdf; Initial sample: https://online-banking.kb4.io/xywne0aw9upwnnsawnrjnqvybd1omtdhrwvczovl3nlcy3cvyzwqtbg9naw4ubmv0el3bhz2vzl2m4mtdknjlmnjy0nszyzwnpcgllbnrfawq9nzqznduwntixjmnhbxbhawdux3j1bl9pzd0zotgxndey
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R15wpya6_22f045_4ek.tmp
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; File read: C:\Program Files (x86)\desktop.ini
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; File opened: C:\Windows\SysWOW64\Msftedit.dll
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: COVID19_MentalHealth.pdf; Initial sample: PDF keyword /EmbeddedFile count = 0
Source: COVID19_MentalHealth.pdf; Initial sample: PDF keyword obj count = 54
Source: COVID19_MentalHealth.pdf; Initial sample: PDF keyword /OpenAction
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: AcroRd32.exe, 00000001.00000002.415350642.000000000C9F6000.00000004.00000001.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; Code function: 1_2_00734050 LdrInitializeThunk,
Source: AcroRd32.exe, 00000001.00000002.401554488.00000000054A0000.00000002.00000001.sdmp; Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000001.00000002.401554488.00000000054A0000.00000002.00000001.sdmp; Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000002.401554488.00000000054A0000.00000002.00000001.sdmp; Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000002.401554488.00000000054A0000.00000002.00000001.sdmp; Binary or memory string: Progmanlock

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Spearphishing Link (1) | Exploitation for Client Execution (1) | Path Interception | Process Injection (2) | Masquerading (1) | OS Credential Dumping | Security Software Discovery (1) | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection (2) | LSASS Memory | Process Discovery (1) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | File and Directory Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Behavior Graph

[Behavior graph. ID: 330920; Sample: COVID19_MentalHealth.pdf; Startdate: 15/12/2020; Architecture: WINDOWS; Score: 52. Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample. Processes: AcroRd32.exe started RdrCEF.exe and a second AcroRd32.exe; RdrCEF.exe started four further RdrCEF.exe processes. DNS/IP nodes: 192.168.2.1, online-banking.kb4.io, landing.training.knowbe4.com, kb4.io, 80.0.0.0 (NTLGB, United Kingdom).]


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
COVID19_MentalHealth.pdf | 11% | Virustotal | | Browse
COVID19_MentalHealth.pdf | 100% | Joe Sandbox ML | |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
online-banking.kb4.io | 0% | Virustotal | | Browse
kb4.io | 0% | Virustotal | | Browse

URLs


Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
landing.training.knowbe4.com | 52.4.230.221 | true | false | | high
online-banking.kb4.io | unknown | unknown | false | | unknown
kb4.io | unknown | unknown | false | | unknown

    URLs from Memory and Binaries


                                        Contacted IPs

                                        Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
80.0.0.0 | unknown | United Kingdom | | 5089 | NTLGB | false

                                        Private

                                        IP
                                        192.168.2.1

                                        General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 330920
Start date: 15.12.2020
Start time: 20:08:30
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 26s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: COVID19_MentalHealth.pdf
Cookbook file name: defaultwindowspdfcookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 30
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.winPDF@13/46@2/2
EGA Information:
• Successful, ratio: 100%
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .pdf
• Found PDF document
• Security Warning found
• Security Warning found
• Close Viewer
Warnings:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
• Excluded IPs from analysis (whitelisted): 13.88.21.125, 2.20.143.130, 2.20.142.203, 23.54.113.182, 2.18.68.82, 51.11.168.160, 92.122.213.194, 92.122.213.247, 2.20.142.209, 2.20.142.210, 20.54.26.129
• Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, e4578.dscb.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, acroipm2.adobe.com, arc.msn.com, a122.dscd.akamai.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, fs.microsoft.com, acroipm2.adobe.com.edgesuite.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net
• Report size getting too big, too many NtSetInformationFile calls found.

                                        Simulations

                                        Behavior and APIs

Time | Type | Description
20:09:30 | API Interceptor | 9x Sleep call for process: RdrCEF.exe modified

                                        Joe Sandbox View / Context

                                        IPs


                                                                                Domains


                                                                                ASN


                                                                                JA3 Fingerprints

                                                                                No context

                                                                                Dropped Files

                                                                                No context

                                                                                Created / dropped Files

                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):410
                                                                                Entropy (8bit):5.679643469058028
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview: _key https://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):522
                                                                                Entropy (8bit):5.635010607443955
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview: _key https://rna-resource.acrobat.com/init.js
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):492
                                                                                Entropy (8bit):5.610033615201464
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview: _key https://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):232
                                                                                Entropy (8bit):5.669373736584534
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview: _key https://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):210
                                                                                Entropy (8bit):5.5533689454078
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview: _key https://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):216
                                                                                Entropy (8bit):5.637896863036127
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview: _key https://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):209
                                                                                Entropy (8bit):5.4950621845494485
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview: _key https://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):537
                                                                                Entropy (8bit):5.597642642243314
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview: _key https://rna-resource.acrobat.com/base_uris.js
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):214
                                                                                Entropy (8bit):5.492767100049171
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview: _key https://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):531
                                                                                Entropy (8bit):5.579337284491838
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: _key https://rna-resource.acrobat.com/plugins.js
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):374
                                                                                Entropy (8bit):5.575208354148094
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: _key https://rna-resource.acrobat.com/static/js/desktop.js
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):488
                                                                                Entropy (8bit):5.639961775093544
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ..h.S#./....."#.Dh".!b..A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo......>...........0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ....T#./....."#.D.|+"b..A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo........g........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):211
                                                                                Entropy (8bit):5.452546275458453
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ..C.T#./....."#.D..#"b..A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo......Be..........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):202
                                                                                Entropy (8bit):5.663926139969406
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js .PU.T#./....."#.D..."b..A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo......Q.MF........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):211
                                                                                Entropy (8bit):5.545022668666919
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ..3.T#./....."#.D..#"b..A@..{o]...9o|..qY....T....{..u.b..A..Eo...................A..Eo........@a........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):412
                                                                                Entropy (8bit):5.639094033987545
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ....S#./....."#.D.Z.!b..A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo........d.........0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ..G.T#./....."#.D{3."b..A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo......rw..........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):218
                                                                                Entropy (8bit):5.572486249762836
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ...T#./....."#.D..."b..A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo......).mF........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):460
                                                                                Entropy (8bit):5.59066568543567
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .y..S#./....."#.D.:.!b..A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......A...........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ..E.T#./....."#.D..."b..A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......n...........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):372
                                                                                Entropy (8bit):5.599617386897567
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ....S#./....."#.DRCx!b..A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo..................0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..o.T#./....."#.D.X."b..A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo.........g........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):414
                                                                                Entropy (8bit):5.633564771699773
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ....S#./....."#.D...!b..A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo......S...........0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .JU.T#./....."#.D1|#"b..A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo........$.........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):420
                                                                                Entropy (8bit):5.609628739767757
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ...S#./....."#.D..!b..Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo......V.uf........0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ..b.T#./....."#.D..#"b..Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo......!v.d........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):446
                                                                                Entropy (8bit):5.602539916481909
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..2.S#./....."#.De.|!b..A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.......4.J........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ....T#./....."#.Dh.."b..A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo......(.|"........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):426
                                                                                Entropy (8bit):5.6973376591863545
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ....S#./....."#.DN~.!b..A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo..................0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .|Y.T#./....."#.DOZ."b..A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo.........)........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):416
                                                                                Entropy (8bit):5.595728437572819
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .2!.S#./....."#.D..|!b..AZ.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo...................A..Eo......1[3(........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ....T#./....."#.D,.."b..AZ.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo...................A..Eo......"...........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):564
                                                                                Entropy (8bit):5.649620149245792
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .OY.S#./....."#.Dw...b..Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.......F..........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..n.S#./....."#.D.q\!b..Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo..................0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..s.T#./....."#.D...!b..Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo......D^.u........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):214
                                                                                Entropy (8bit):5.631542926305818
                                                                                Encrypted:false
                                                                                Malicious:false
                                                                                Preview: 0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js .,F.T#./....."#.D6X#"b..A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo.......f..........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):633
                                                                                Entropy (8bit):5.653567585832275
                                                                                Encrypted:false
                                                                                SSDEEP:6:msRPYOFLvEWIa7zp75XgVPu1TK6tVll/MsRPYOFLvEWIa7zp7k8UFVPu1TK6t9Dn:BPHHwcrll/7PHiHcLyPHdgUcp
                                                                                MD5:F3F9EE278F5DB6A0FD474D455B75AFB1
                                                                                SHA1:78913FD4599F0FCA42F86B59DFBA91C22A68BCAC
                                                                                SHA-256:3A69E46AB7C5EE5A37E18C891E5D1680338CDD55594BF460E9A9C7495B5CE3D8
                                                                                SHA-512:E1184F860188A4BBAF48F567B45B74CE9ED004338C553C4A50553EC4D6B648F981921644C8E1760ED3D6C62A4DC16425F2ADA164FA459F828096B4076CC40A39
                                                                                Malicious:false
                                                                                Preview: 0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ....S#./....."#.Db...b..A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo......<.y#........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ....S#./....."#.D.J!b..A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo......U.&.........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ....T#./....."#.D[..!b..A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo..................
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):208
                                                                                Entropy (8bit):5.571699507981899
                                                                                Encrypted:false
                                                                                SSDEEP:3:m+lQi9lC8RzYOCGLvHkWBGKuKjXKVRNUpXKLuV0Q++l44XVAZ+8cV3vRm1TK5ktt:mKPYOFLvEWdENU9Q1MlPiM3Y1TK6tdX
                                                                                MD5:AAA54AB933B77CC3C14EE8F8EE7B6F34
                                                                                SHA1:C070EB9729E92DA322A22977AD23D783A2EC1AC8
                                                                                SHA-256:76E8AB75A99B351FCFC11C9B6F0E88E058E649067E97FA5A999D3B1868172D56
                                                                                SHA-512:A3C95D4350EE4A18EFFD9414BEE2407EB8C186F22A18B30538CAB55B7B5929E885D5A754D0FD51809110F8E907BB6CA70C47D37C811F0B04FCDDF867DF3C4FE7
                                                                                Malicious:false
                                                                                Preview: 0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ..Z.T#./....."#.De.."b..A...M....m+lS..e.....<7.U.P8*.0K.A..Eo...................A..Eo.......&YE........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:modified
                                                                                Size (bytes):208
                                                                                Entropy (8bit):5.602422390316336
                                                                                Encrypted:false
                                                                                SSDEEP:6:mQt6EYOFLvEWdccAHQEKKilhWjBRCh/41TK6tLN:XRc9n6mDi/Ex
                                                                                MD5:FF8394A644B21CB2B54D79579057EB03
                                                                                SHA1:F15E67F465B65976AC10FF90F1EFB1BF94D267DD
                                                                                SHA-256:907E425A24AD6F1FD3C91B75226D29A4CE26EA5EF8268330ACE4E87D450D5C60
                                                                                SHA-512:AD64085682D39929D3038E9C5B614C0C4CC3764B2296E6B130B81DD52FE4E6CD684B929384400DC6C8218772A8F2138B7628C9F193D0460DD56302F7CE9FEDDC
                                                                                Malicious:false
                                                                                Preview: 0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ....T#./....."#.D..."b..APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo.......-0.........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):231
                                                                                Entropy (8bit):5.604899798886648
                                                                                Encrypted:false
                                                                                SSDEEP:6:mqs6XYOFLvEWdFCi5mhu5waULlF4r1TK6tJ:bs6xRkiEFLlF4n
                                                                                MD5:2B73C7347EE04EC86D4C6C962A734732
                                                                                SHA1:18A792D5067FF39D31CFE8C23C31C342CD7A46C7
                                                                                SHA-256:59009F4182A242276B7CCB120BF63FB427CFDD7A8F938D171DD48EF9A9D15C84
                                                                                SHA-512:3D01639549CD06350C215D6572CD00BFF7EEB8269672DDE30292BC9CB6A747839B95BCF6AC3D41718611CC2893E664B73B4C6C85A6EDCB2525465706724AEBAE
                                                                                Malicious:false
                                                                                Preview: 0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ....S#./....."#.D.Q.!b..A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo........M.........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):215
                                                                                Entropy (8bit):5.510072947025806
                                                                                Encrypted:false
                                                                                SSDEEP:3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvptVneV4cu1isLK5m1TK5ktk:mhYOFLvEWd/aFuFdeh941TK6t
                                                                                MD5:72A0139E3AAEC252075395F6DF7B4BDC
                                                                                SHA1:8788183457A8ADAB2D9557B615113A3F68A13D6C
                                                                                SHA-256:DAF0A7150A9BF5986FB2BDFAD484C21AFF04F26F6082255338249A2C342E9F1E
                                                                                SHA-512:8425736192631E7A6A4F53B1F6C9027303BCC420605EFC474FBDAE32D9C72D9130F632CBE6F069B332C001C19235EDBD9BA006E45179E715C19BA7CF513BA0C1
                                                                                Malicious:false
                                                                                Preview: 0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js ...T#./....."#.D.^&"b..A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo........TH........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):208
                                                                                Entropy (8bit):5.513673234560505
                                                                                Encrypted:false
                                                                                SSDEEP:6:mR9YOFLvEWd7VIGXOdQUglJyk52oBMqVd3G4K41TK6tFH:2DRuR9O52oB9Vd2k
                                                                                MD5:753CB39F713EDAC0F93A12DCD7F711EE
                                                                                SHA1:A88AB049C97DC8FEE4A4521A14982140443441EC
                                                                                SHA-256:9E0D76BB997A6918209EFBD53D44D96F8FF0F57C775FC430732EDF1A2FBF2E2A
                                                                                SHA-512:F2CFC4F4A9124055F462299773B89A7EF97BD6AE8B66173F170BF0559EFCB54DD62FBFA363B0D65BA8BEB244A86DFF043F3F5F0916C71E9172B61C6B58E3C4E4
                                                                                Malicious:false
                                                                                Preview: 0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js ..w.T#./....."#.Dx.%"b..A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo..................
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):416
                                                                                Entropy (8bit):5.615984482661573
                                                                                Encrypted:false
                                                                                SSDEEP:6:mkqYOFLvEWd8CAd9Q9bLSuA424r1TK6tdkqYOFLvEWd8CAd9Qbptm9uA424r1TKN:+RQUdrnDRQ0tzrn
                                                                                MD5:7CC40F1844A7C7BE33A4D21C6DE2932A
                                                                                SHA1:CE0335715863A93C5F3F49E5A01CD4083089B54F
                                                                                SHA-256:F6F51D306CBC555FA76CC0D82DCA121A835D270074C53406129885D05806C8C2
                                                                                SHA-512:B9F64313C58B06416EE0731F3437B4114F64A999ED757CA4FCDFBC13D73A4232D089C3D374265AC430B7DF6AFCED8CE73AC7585517D814AB973DF51FAFF28234
                                                                                Malicious:false
                                                                                Preview: 0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ."..S#./....."#.D..!b..A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo................0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ..h.T#./....."#.D.{."b..A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo......T..........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):210
                                                                                Entropy (8bit):5.587523436931564
                                                                                Encrypted:false
                                                                                SSDEEP:6:moXXYOFLvEWdENUAu40/ml+UuyC8n1TK6t5:xhRTi0/wA7Q
                                                                                MD5:ED8F89E85A792100765C0D3314F2DB8A
                                                                                SHA1:432BF051DC4167E8DB9ABC7A5549040C110F298D
                                                                                SHA-256:5EA4ED8681CAE2E1853A10BDCC04BE3D54834C036FC6627D282E06610CA06C08
                                                                                SHA-512:DFDF1A9694CB7D57057F9C6ACD6181BD335B1121C7502911327339125448E2EF8C199F762A1F7CDAE0B60C8DD3E4396D3442D37B890170C7012289D28E9C91D4
                                                                                Malicious:false
                                                                                Preview: 0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js ...T#./....."#.D..."b..A8.../...;.\\o....1..........+..A..Eo...................A..Eo................
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):442
                                                                                Entropy (8bit):5.658504418366297
                                                                                Encrypted:false
                                                                                SSDEEP:6:mQZYOFLvEWdrROk/VQlhtsLmB41TK6tpNMQZYOFLvEWdrROk/VQyBh6LmB41TK63:nRrROk/VSNmbNlRrROk/VxbTm
                                                                                MD5:D6094A232C39AE9D11E52ECFFFB3F45D
                                                                                SHA1:D823DC76F3C9686CAD7A1BB5929745FF77F8C9F8
                                                                                SHA-256:B90DB4762C6A8FE5157F6F4DEA7294B76266120AE541C52B2514B150CCF0112E
                                                                                SHA-512:A6432F8B5E812357D399965C5291DB074DA45A64A8B817E457D8D740C9597EC5DBB6DC41BEF7BC305A2BFB38DBC78A1FBEF1786E7B35F058EF30D3833E20A20D
                                                                                Malicious:false
                                                                                Preview: 0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .'..S#./....."#.D..!b..A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo.......+.........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ..[.T#./....."#.D.+."b..A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo.......7..........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):210
                                                                                Entropy (8bit):5.525891188718001
                                                                                Encrypted:false
                                                                                SSDEEP:6:mZ/lXYOFLvEWdccAWuktlcHdFGAdm9741TK6tY/:qxRcOsDrdu7E
                                                                                MD5:DD204C488699F339AF7F54C90940C75C
                                                                                SHA1:5D069BDC4EE4D9EE0EC8B9D1F1434EEA012CB5F7
                                                                                SHA-256:4EB44842E5A508AE267C8397676F4A1F4975E549656903341CBBE92D5A38B599
                                                                                SHA-512:02E609DABF32A3D96665EC943A888FCF558231F2768A65488982BE0C52C657FF0C45D75A422E9CFC68CB1DD9D64CC4072C22141D80045E07B7A4E3108D31DBEF
                                                                                Malicious:false
                                                                                Preview: 0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js .I..T#./....."#.D..""b..A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo.......r.s........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):204
                                                                                Entropy (8bit):5.5953360097985705
                                                                                Encrypted:false
                                                                                SSDEEP:3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFvNQ+lVlu6shoq+Nem1TK5ktrI:mMOYOFLvEWdwAPVunTDrJn1TK6trI
                                                                                MD5:68FBE4AAE91EE0A63EE5C55D0DB783A1
                                                                                SHA1:6A9AD496C15B41F0B147BE25E54CF737E0D9DBF3
                                                                                SHA-256:DA43806F95A96C3F58C35EDAE03C5AB0FB4C433F6C215B6F42E078E6B2A5D2F3
                                                                                SHA-512:46970A9578753F24E56EBAAEEEE8CC81A3AF185C97D02A7D7274D86591EEEFE3CD33D1D05585B4ABA303A40E8C268FFE11667B2F83AE8B14851456EDDE71227E
                                                                                Malicious:false
                                                                                Preview: 0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ....T#./....."#.D..."b..A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo.......Q..........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):212
                                                                                Entropy (8bit):5.62505801304337
                                                                                Encrypted:false
                                                                                SSDEEP:6:m3PXYOFLvEWdBJvYQdpteHuzhcsBXIh1TK6tD:mxRBJQyptYuDB0
                                                                                MD5:6C67B25C614B404923F83802B3B76443
                                                                                SHA1:64F6DEE196533970F0C1C2AF1A7522AA836BC4AA
                                                                                SHA-256:F956A52EDAA4A148529130A1A098DBDC3A67BE16E894847BE9D233B286947507
                                                                                SHA-512:37597395B3CE2EAE9CF5207EDFDD4D11BB4A940ABF2E1E1E8AE74C39BF59C1AFA722B49B73E57AB005B40DF35476AF7640FBD3A93A53C38448003C54DC1841E6
                                                                                Malicious:false
                                                                                Preview: 0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ..,.T#./....."#.Dq.&"b..A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo......?.,.........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):456
                                                                                Entropy (8bit):5.638411719037565
                                                                                Encrypted:false
                                                                                SSDEEP:6:msPYOFLvEWdrROk/RJUQdhYc5Jlc3Me/1TK6t398sPYOFLvEWdrROk/RJUQalMTw:3RrROk/skhYc5JlcpRrROk/spOc
                                                                                MD5:DE6F183B924DE844D82D71646518C223
                                                                                SHA1:0298A64E7271DB039CD8AE0C9B292E312CCB74F3
                                                                                SHA-256:A01D2A61A8A8E24CE219298B22379F89821C6BECD38AB92BBC1959F351BBDE9D
                                                                                SHA-512:34C2EF76A7F0771B2649A593217BB4A7B055AFD7AC55B04A5808A65934865FBD142801510CCB56A9C975946E46B6ED9CAD68A4760527506356D0D555408480E0
                                                                                Malicious:false
                                                                                Preview: 0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .U..S#./....."#.D...!b..A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo..................0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .3q.T#./....."#.D..."b..A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo......K.x@........
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):2016
                                                                                Entropy (8bit):5.196929330683041
                                                                                Encrypted:false
                                                                                SSDEEP:24:Mfg1zZFufGMisp6r6C9QPWRaVm2vrM3oCyRZtGFpfEk:h1zZ4+dsp67RaVmwGotRZk/ck
                                                                                MD5:5058B8713733316A68E78D9F94FA5FC0
                                                                                SHA1:865446856696AB2CA0D05AD463715BDBE3361D0A
                                                                                SHA-256:438A35D26B090861864EDA70AA4E619958E794E994867BE568AB11F9E6202F8E
                                                                                SHA-512:AB641858856437A4B59003AAA3EE7052E0DB83727D9590549F7A646116081735670BB76341BDACB582812CE7A2DB2C9FE1110E481D63379FF5053F87EA6608C4
                                                                                Malicious:false
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:ASCII text
                                                                                Category:dropped
                                                                                Size (bytes):292
                                                                                Entropy (8bit):5.177681373885635
                                                                                Encrypted:false
                                                                                SSDEEP:6:0Vq2PWXp+N2nKuAl9OmbnIFUtwzYgZmwyzYIkwOWXp+N2nKuAl9OmbjLJ:MvaHAahFUtwV/yH5fHAaSJ
                                                                                MD5:2E9D7E38B99DEDF940BC193CEAC1CE7C
                                                                                SHA1:223350EAC98892500400CB77822596156A2AF50E
                                                                                SHA-256:FBDBA44DECA7D34C53C53824AA00345BB50382C2B2DC5C22B3C56E6518600966
                                                                                SHA-512:13D1050C089B8876DA86180A7641D849A5D0BA2243115FDAB41BF75E4301918F3C0EC974A4086513623880EDAB7DB4F72C0AAF56FC5337B5B34EAFEA63E9FEA4
                                                                                Malicious:false
                                                                                Preview: 2020/12/15-20:09:36.190 1810 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2020/12/15-20:09:36.199 1810 Recovering log #3.2020/12/15-20:09:36.199 1810 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):917504
                                                                                Entropy (8bit):0.007775583823103001
                                                                                Encrypted:false
                                                                                SSDEEP:24:TGEXiXKGEXiXKGEXiXJ88hMXiXN8hMXiXTg8hMXiXTg8hMXiXT:TGEiaGEiaGEiCsMi9sMiDgsMiDgsMiD
                                                                                MD5:CFB315BC46FE90003DA8EBD9F4B3ADCC
                                                                                SHA1:D2CE24C0F4BC5B05A24FBE51370821160EAADF1B
                                                                                SHA-256:551AED495E031A34FDA7CD305771663B585FFAD758EFFBD8EE8B2EFE35E6DE8B
                                                                                SHA-512:D6C2C4979825630A8348BA0786A5F83020D3DF098FA6142E6237CBB61F92BBACC6012E045B8E681463F6D31ADB1985539A1AE93A255B22F7B99625A8B284612B
                                                                                Malicious:false
                                                                                Preview: VLnk.....?.......Tq.>..j
                                                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-201216040930Z-245.bmp
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32
                                                                                Category:dropped
                                                                                Size (bytes):71190
                                                                                Entropy (8bit):2.338682311988844
                                                                                Encrypted:false
                                                                                SSDEEP:384:CMBiqxTK4Mkwsovk3bPNFX/m00El6m20Bmgu1SuRKN6/Ls3m:CMBiizlw1MzsElZziSucN6r
                                                                                MD5:8728457C021B84949313963AD3935AF0
                                                                                SHA1:2A168D21FDC43A97948D173C218C34F511A17BAD
                                                                                SHA-256:E7FDF43ED0439F878CB6942B8F8DE670F7DA27C026E5D0F635EF1F9CE6F64DF2
                                                                                SHA-512:7CFACFB1FEAA09EFFFE57A1152844E1641165016EF2D8B288EECD396F9C41CF3C48E01C5E82202FB15BE8F7DFD9AE5CBFC685D4091D9B9BE286ECBE8476A2384
                                                                                Malicious:false
                                                                                Preview: BM........6...(...u...h.....
                                                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                File Type:SQLite 3.x database, last written using SQLite version 3024000
                                                                                Category:dropped
                                                                                Size (bytes):32768
                                                                                Entropy (8bit):3.386160703135682
                                                                                Encrypted:false
                                                                                SSDEEP:96:iR49IVXEBodRBkQ/OhFVCsL49IVXEBodRBkRh/OhAVCs749IVXEBodRBklh/Oh7y:iGedRBxedRBhedRBUedRBW
                                                                                MD5:4E3B6539141BD4630103377F27F75D80
                                                                                SHA1:7AF9AA81A38498A54717A3E2BF05FAE381A50FBC
                                                                                SHA-256:B7AD1CF3C8B81850A9F3A9E50F5532B6712A6A45C3ED935101B566A548E4E1E8
                                                                                SHA-512:F20EC03D2BEE73A297E13ED66F9D1027EFCF3D981E22EDD3EEA7B02E01B0782FD7856BD8A794C1CF8FB43630AB90775C6B9EC2990BC7E05770330BC1C9FCBFF5
                                                                                Malicious:false
                                                                                Preview: SQLite format 3......@
                                                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):34928
                                                                                Entropy (8bit):3.1996234435947803
                                                                                Encrypted:false
                                                                                SSDEEP:96:H7OhFVCPB949IVXEBodRBk//OhFVCskLR49IVXEBodRBkSh/OhAVCsgRd49IVXEc:H9iedRBALGedRBCRCedRBTyedRBH
                                                                                MD5:53173432953F88ADD19E161DD68F6333
                                                                                SHA1:383058B2C7142DEE3011F760ECC0872A7B4FA870
                                                                                SHA-256:19B6DCA2D56EABA1522EB034C715C5C623C09794B9F87A2C261551990612B3DD
                                                                                SHA-512:D42A694EFF1B677D99F724E09DAAC3D496DF60FFA2F045ACE7662865C46A8F98D3DDFBD7CB66752870202A6BB1832062860DB65DCD652F02C1200B69DBD2750D
                                                                                Malicious:false
                                                                                C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R146ft5l_22f04b_4ek.tmp.dir\A9Rfckaqc_22f04a_4ek.fdf
                                                                                Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                File Type:FDF document, version 1.2
                                                                                Category:modified
                                                                                Size (bytes):163
                                                                                Entropy (8bit):5.188886248672462
                                                                                Encrypted:false
                                                                                SSDEEP:3:2tL4Amq2oEVFcPrgbZQcq3nBhUWmWdSrthhxkqgjHvKaxmEREJjVxTA6ZOuvJboU:CLNd2lVag0ByWhIthcqAHvEJX+OJMU
                                                                                MD5:7E29635907F07E470C003A6C722C8627
                                                                                SHA1:1F8E835A08630E329CA8166EF87555788F33307F
                                                                                SHA-256:300C67202E910187786DAF2C72DDE683036A351C3913D17AAB95F7672A883074
                                                                                SHA-512:0587C1661CDD989FDA08EBFEFDCECAE46D4788A16A564C2A0A0C579118E4A7B9E9BA556AC58AC518A2A0CC504B69D2563365028A2213E1D5E24A79C444DE48B1
                                                                                Malicious:false
                                                                                Preview: %FDF-1.2.%......1 0 obj.<</FDF<</ID[<594FF144B50A45C7A6C243C38735A7A0><28F3DD21DC0AC83FFFFE5FB714BF4DCB>]>>/Type/Catalog>>.endobj.trailer..<</Root 1 0 R>>..%%EOF..

                                                                                Static File Info

                                                                                General

                                                                                File type:PDF document, version 1.6
                                                                                Entropy (8bit):7.1683922345459825
                                                                                TrID:
                                                                                • Adobe Portable Document Format (5005/1) 100.00%
                                                                                File name:COVID19_MentalHealth.pdf
                                                                                File size:108891
                                                                                MD5:0eddf4e2ea8f23fa34620d15074da24c
                                                                                SHA1:3ffeeb5bde4d87299e3175917b6e8d7889ea0913
                                                                                SHA256:bc3cd005701b168d87ee8146c5a1fc995936985cb0da7992ad356f02c21e60af
                                                                                SHA512:f365e3ec60003807d6789a884316f91f26bbdf6cd327870a7dcd7784660334b1e930a4a56b04c1ecf012958ac10d3cc030e33bd71943d35da5bc59a9f86ebe3e
                                                                                SSDEEP:1536:9yZF6SH7RbBcq/hBOitOOdG538OZU+KaSxtLRU+9S/BqK365UBmz4t:4ZvbBd/zLdy38AU+1SBU+wT3KUBmC
                                                                                File Content Preview:%PDF-1.6.%.....%QDF-1.0..%% Original object ID: 14 0.1 0 obj.<<. /AcroForm 3 0 R. /Metadata 4 0 R. /OpenAction 6 0 R. /Outlines 7 0 R. /Pages 8 0 R. /Type /Catalog.>>.endobj..%% Original object ID: 12 0.2 0 obj.<<. /CreationDate (D:20180612094110-0

                                                                                File Icon

                                                                                Icon Hash:74ecccdcd4ccccf0

                                                                                Static PDF Info

                                                                                General

                                                                                Header:%PDF-1.6
                                                                                Total Entropy:7.168392
                                                                                Total Bytes:108891
                                                                                Stream Entropy:7.766702
                                                                                Stream Bytes:82276
                                                                                Entropy outside Streams:3.684377
                                                                                Bytes outside Streams:26615
                                                                                Number of EOF found:1
                                                                                Bytes after EOF:

                                                                                Keywords Statistics

                                                                                Name            Count
                                                                                obj             54
                                                                                endobj          54
                                                                                stream          14
                                                                                endstream       14
                                                                                xref            1
                                                                                trailer         1
                                                                                startxref       1
                                                                                /Page           1
                                                                                /Encrypt        0
                                                                                /ObjStm         0
                                                                                /URI            6
                                                                                /JS             1
                                                                                /JavaScript     1
                                                                                /AA             0
                                                                                /OpenAction     1
                                                                                /AcroForm       1
                                                                                /JBIG2Decode    0
                                                                                /RichMedia      0
                                                                                /Launch         0
                                                                                /EmbeddedFile   0

                                                                                Network Behavior

                                                                                Network Port Distribution

                                                                                UDP Packets


                                                                                DNS Queries

                                                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                                                Dec 15, 2020 20:09:41.720956087 CET | 192.168.2.3 | 8.8.8.8 | 0xea8 | Standard query (0) | kb4.io | A (IP address) | IN (0x0001)
                                                                                Dec 15, 2020 20:09:41.768281937 CET | 192.168.2.3 | 8.8.8.8 | 0x30b2 | Standard query (0) | online-banking.kb4.io | A (IP address) | IN (0x0001)

                                                                                DNS Answers

                                                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                                                Dec 15, 2020 20:09:41.925755024 CET | 8.8.8.8 | 192.168.2.3 | 0x30b2 | No error (0) | online-banking.kb4.io | landing.training.knowbe4.com |  | CNAME (Canonical name) | IN (0x0001)
                                                                                Dec 15, 2020 20:09:41.925755024 CET | 8.8.8.8 | 192.168.2.3 | 0x30b2 | No error (0) | landing.training.knowbe4.com |  | 52.4.230.221 | A (IP address) | IN (0x0001)
                                                                                Dec 15, 2020 20:09:41.925755024 CET | 8.8.8.8 | 192.168.2.3 | 0x30b2 | No error (0) | landing.training.knowbe4.com |  | 23.20.94.242 | A (IP address) | IN (0x0001)
                                                                                Dec 15, 2020 20:09:41.925755024 CET | 8.8.8.8 | 192.168.2.3 | 0x30b2 | No error (0) | landing.training.knowbe4.com |  | 18.235.63.255 | A (IP address) | IN (0x0001)
                                                                                Dec 15, 2020 20:09:41.925755024 CET | 8.8.8.8 | 192.168.2.3 | 0x30b2 | No error (0) | landing.training.knowbe4.com |  | 34.199.144.209 | A (IP address) | IN (0x0001)
                                                                                Dec 15, 2020 20:09:41.925755024 CET | 8.8.8.8 | 192.168.2.3 | 0x30b2 | No error (0) | landing.training.knowbe4.com |  | 54.84.251.123 | A (IP address) | IN (0x0001)
                                                                                Dec 15, 2020 20:09:41.925755024 CET | 8.8.8.8 | 192.168.2.3 | 0x30b2 | No error (0) | landing.training.knowbe4.com |  | 3.223.255.132 | A (IP address) | IN (0x0001)

                                                                                Code Manipulations

                                                                                Statistics

                                                                                Behavior


                                                                                System Behavior

                                                                                General

                                                                                Start time:20:09:21
                                                                                Start date:15/12/2020
                                                                                Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\COVID19_MentalHealth.pdf'
                                                                                Imagebase:0xf10000
                                                                                File size:2571312 bytes
                                                                                MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate

                                                                                General

                                                                                Start time:20:09:22
                                                                                Start date:15/12/2020
                                                                                Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\COVID19_MentalHealth.pdf'
                                                                                Imagebase:0xf10000
                                                                                File size:2571312 bytes
                                                                                MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate

                                                                                General

                                                                                Start time:20:09:29
                                                                                Start date:15/12/2020
                                                                                Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
                                                                                Imagebase:0x90000
                                                                                File size:9475120 bytes
                                                                                MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate

                                                                                General

                                                                                Start time:20:09:32
                                                                                Start date:15/12/2020
                                                                                Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1680,17373696576901166901,1642707621424303814,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8824394977426197921 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8824394977426197921 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
                                                                                Imagebase:0x90000
                                                                                File size:9475120 bytes
                                                                                MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate

                                                                                General

                                                                                Start time:20:09:34
                                                                                Start date:15/12/2020
                                                                                Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1680,17373696576901166901,1642707621424303814,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=18010116590796279063 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
                                                                                Imagebase:0x90000
                                                                                File size:9475120 bytes
                                                                                MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate

                                                                                General

                                                                                Start time:20:09:38
                                                                                Start date:15/12/2020
                                                                                Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1680,17373696576901166901,1642707621424303814,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6134182799145032745 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6134182799145032745 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1
                                                                                Imagebase:0x90000
                                                                                File size:9475120 bytes
                                                                                MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate

                                                                                General

                                                                                Start time:20:09:40
                                                                                Start date:15/12/2020
                                                                                Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1680,17373696576901166901,1642707621424303814,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9513205951343530347 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9513205951343530347 --renderer-client-id=5 --mojo-platform-channel-handle=2196 --allow-no-sandbox-job /prefetch:1
                                                                                Imagebase:0x90000
                                                                                File size:9475120 bytes
                                                                                MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate

                                                                                Disassembly

                                                                                Code Analysis