Play interactive tour

Edit tour

Analysis Report Janette De La Caridad Guillen ASJ2 Records (2).pdf

Overview

General Information

Sample Name:	Janette De La Caridad Guillen ASJ2 Records (2).pdf
Analysis ID:	336774
MD5:	097e5a2956e5c698f987b27e33f2df50
SHA1:	a58eccbca7aa1b9105b336b960a7cdd1c823f259
SHA256:	e9bef2b78bcfd6ac88b7f44f38db5c5bd94dc9261327d48c91ac3913a3ff3cf9
Most interesting Screenshot:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

High memory usage for Adobe Reader (potential heap spray)

IP address seen in connection with other malware

Classification

Startup

System is w10x64

AcroRd32.exe (PID: 7104 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Janette De La Caridad Guillen ASJ2 Records (2).pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)

AcroRd32.exe (PID: 7164 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Janette De La Caridad Guillen ASJ2 Records (2).pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)

RdrCEF.exe (PID: 1668 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6648 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7285576016619014750 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7285576016619014750 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 4244 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=13665176154593383583 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 4112 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5049533098483960058 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5049533098483960058 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6776 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14602781306462947134 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14602781306462947134 --renderer-client-id=5 --mojo-platform-channel-handle=2068 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Adobe Reader

Process Stats: High memory usage

Source: Joe Sandbox View

IP Address: 80.0.0.0 80.0.0.0

Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/)
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/K
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: http://sourceforge.net/projects/sevenzip/files/7-Zip/4.65/7z465.exe/download
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/r
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/y
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#1
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#L
Source: AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#E
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/5
Source: AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: AcroRd32.exe, 00000001.00000002.890629296.000000000B1CB000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000002.890704522.000000000B24E000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000002.890704522.000000000B24E000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/0b
Source: AcroRd32.exe, 00000001.00000002.890704522.000000000B24E000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/:b
Source: AcroRd32.exe, 00000001.00000002.890704522.000000000B24E000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/Jb
Source: AcroRd32.exe, 00000001.00000002.890629296.000000000B1CB000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/s
Source: AcroRd32.exe, 00000001.00000002.890629296.000000000B1CB000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/y
Source: AcroRd32.exe, 00000001.00000002.890629296.000000000B1CB000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/yd
Source: AcroRd32.exe, 00000001.00000002.905929730.0000000011848000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000002.907036613.0000000011BFF000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000001.00000002.905929730.0000000011848000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comileLeng
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://cms.officeally.com
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://cms.officeally.com/OfficeAlly/Images/tab-help-center.jpg
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://cms.officeally.com/OfficeAlly/Images/tab-request.jpg
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://cms.officeally.com/ResourceCenter/OfficeAllyFormsManuals.aspx
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://cms.officeally.com/ResourceCenter/PayerLists/PayerList.aspx
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://cms.officeally.com/Support/AboutUs.aspx
Source: AcroRd32.exe, 00000001.00000002.881349176.00000000094A0000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: AcroRd32.exe, 00000001.00000002.881349176.00000000094A0000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.comg
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://oarx.officeally.com/erx/Logout.aspx?app=emr
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://pm.officeally.com/
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://pm.officeally.com/emr
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://pm.officeally.com/emr/Appointments/VirtualVisits.aspx
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://pm.officeally.com/emr/Logout.aspx?Goto=home
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://pm.officeally.com/oa.asp?GOTO=hipaa
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://pm.officeally.com/pm/default.aspx
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://pm.officeally.com/secure_oa.asp?GOTO=ServiceMenu
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://secure.logmeinrescue.com/Customer/Code.aspx
Source: AcroRd32.exe, 00000001.00000003.650766793.000000000A8A3000.00000004.00000001.sdmp, Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://webapi.officeally.com/OA/
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://webapi03.officeally.com/xAD/
Source: AcroRd32.exe, 00000001.00000002.880394092.0000000008C0D000.00000002.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf	String found in binary or memory: https://www.samplecenter.net/officeally-ehr/

Source: classification engine

Classification label: clean1.winPDF@13/48@0/2

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1vx9tj8_4h2j1s_5j0.tmp

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Janette De La Caridad Guillen ASJ2 Records (2).pdf'
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Janette De La Caridad Guillen ASJ2 Records (2).pdf'
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7285576016619014750 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7285576016619014750 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=13665176154593383583 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5049533098483960058 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5049533098483960058 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14602781306462947134 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14602781306462947134 --renderer-client-id=5 --mojo-platform-channel-handle=2068 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Janette De La Caridad Guillen ASJ2 Records (2).pdf'	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7285576016619014750 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7285576016619014750 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=13665176154593383583 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5049533098483960058 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5049533098483960058 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14602781306462947134 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14602781306462947134 --renderer-client-id=5 --mojo-platform-channel-handle=2068 --allow-no-sandbox-job /prefetch:1	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Janette De La Caridad Guillen ASJ2 Records (2).pdf

Static file information: File size 7249601 > 6291456

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: AcroRd32.exe, 00000001.00000002.905822569.00000000117AD000.00000004.00000001.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Code function: 1_2_00BCF490 LdrInitializeThunk,

1_2_00BCF490

Source: AcroRd32.exe, 00000001.00000002.875903456.0000000005C00000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000001.00000002.875903456.0000000005C00000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000002.875903456.0000000005C00000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000002.875903456.0000000005C00000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Drive-by Compromise1	Windows Management Instrumentation	Path Interception	Process Injection2	Masquerading1	OS Credential Dumping	Security Software Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection2	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	File and Directory Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/yd	0%	Avira URL Cloud	safe
https://ims-na1.adobelogin.comg	0%	Avira URL Cloud	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/	0%	Avira URL Cloud	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/0b	0%	Avira URL Cloud	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/)	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/)	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/)	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/)	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
https://api.echosign.comileLeng	0%	Avira URL Cloud	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/5	0%	Avira URL Cloud	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/K	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/Jb	0%	Avira URL Cloud	safe
https://www.samplecenter.net/officeally-ehr/	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/:b	0%	Avira URL Cloud	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/y	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/	0%	Avira URL Cloud	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/s	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://pm.officeally.com/	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
https://cms.officeally.com/ResourceCenter/PayerLists/PayerList.aspx	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/yd	AcroRd32.exe, 00000001.00000002.890629296.000000000B1CB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://ims-na1.adobelogin.comg	AcroRd32.exe, 00000001.00000002.881349176.00000000094A0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.aiim.org/pdfa/ns/field#L	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false		high
http://sourceforge.net/projects/sevenzip/files/7-Zip/4.65/7z465.exe/download	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
http://www.aiim.org/pdfa/ns/schema#	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false		high
https://cms.officeally.com/OfficeAlly/Images/tab-help-center.jpg	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
https://webapi03.officeally.com/xAD/	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://cms.officeally.com/OfficeAlly/Images/tab-request.jpg	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
http://cipa.jp/exif/1.0/	AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://pm.officeally.com/emr/Logout.aspx?Goto=home	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
http://www.aiim.org/pdfa/ns/type#	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false		high
https://pm.officeally.com/oa.asp?GOTO=hipaa	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
https://api.echosign.com	AcroRd32.exe, 00000001.00000002.905929730.0000000011848000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000002.907036613.0000000011BFF000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/	AcroRd32.exe, 00000001.00000002.890704522.000000000B24E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.npes.org/pdfx/ns/id/	AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/drm/default	AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/extension/r	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/0b	AcroRd32.exe, 00000001.00000002.890704522.000000000B24E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/extension/	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false		high
http://www.aiim.org/pdfa/ns/property#E	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false		high
https://oarx.officeally.com/erx/Logout.aspx?app=emr	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
http://www.osmf.org/subclip/1.0	AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/extension/y	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false		high
https://pm.officeally.com/pm/default.aspx	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
http://www.aiim.org/pdfa/ns/property#	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false		high
http://cipa.jp/exif/1.0/)	AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ns.useplus.org/ldf/xmp/1.0/	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/id/	AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	false		high
https://api.echosign.comileLeng	AcroRd32.exe, 00000001.00000002.905929730.0000000011848000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/layout/anchor	AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.npes.org/pdfx/ns/id/5	AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://cms.officeally.com	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
https://cms.officeally.com/Support/AboutUs.aspx	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfe/ns/id/	AcroRd32.exe, 00000001.00000002.905773214.000000001179B000.00000004.00000001.sdmp	false		high
http://iptc.org/std/Iptc4xmpExt/2008-02-29/K	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://pm.officeally.com/emr/Appointments/VirtualVisits.aspx	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
https://webapi.officeally.com/OA/	AcroRd32.exe, 00000001.00000003.650766793.000000000A8A3000.00000004.00000001.sdmp, Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
https://secure.logmeinrescue.com/Customer/Code.aspx	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/Jb	AcroRd32.exe, 00000001.00000002.890704522.000000000B24E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://pm.officeally.com/emr	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
https://www.samplecenter.net/officeally-ehr/	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false	Avira URL Cloud: safe	unknown
http://www.aiim.org/pdfa/ns/field#1	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false		high
https://cms.officeally.com/ResourceCenter/OfficeAllyFormsManuals.aspx	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high
http://www.aiim.org/pdfa/ns/field#	AcroRd32.exe, 00000001.00000002.905715688.0000000011731000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/:b	AcroRd32.exe, 00000001.00000002.890704522.000000000B24E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/y	AcroRd32.exe, 00000001.00000002.890629296.000000000B1CB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/	AcroRd32.exe, 00000001.00000002.890629296.000000000B1CB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.quicktime.com.Acrobat	AcroRd32.exe, 00000001.00000002.876458830.0000000007D50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ims-na1.adobelogin.com	AcroRd32.exe, 00000001.00000002.881349176.00000000094A0000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/s	AcroRd32.exe, 00000001.00000002.890629296.000000000B1CB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://pm.officeally.com/secure_oa.asp?GOTO=ServiceMenu	Janette De La Caridad Guillen ASJ2 Records (2).pdf	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
80.0.0.0	unknown	United Kingdom		5089	NTLGB	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	336774
Start date:	06.01.2021
Start time:	19:39:42
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Janette De La Caridad Guillen ASJ2 Records (2).pdf
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.winPDF@13/48@0/2
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 11 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .pdf Found PDF document Find and activate links Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 104.79.88.64, 2.20.143.130, 2.20.142.203, 51.104.139.180, 92.122.213.247, 92.122.213.194, 52.255.188.83, 168.61.161.212, 205.185.216.42, 205.185.216.10, 52.155.217.156, 20.54.26.129 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, e4578.dscb.akamaiedge.net, a1449.dscg2.akamai.net, acroipm2.adobe.com, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, a122.dscd.akamai.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, acroipm2.adobe.com.edgesuite.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, skypedataprdcoleus17.cloudapp.net, armmf.adobe.com, blobcollector.events.data.trafficmanager.net Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:40:37	API Interceptor	14x Sleep call for process: RdrCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
80.0.0.0	https://awattorneys-my.sharepoint.com/:b:/p/fgalante/EcRfEpzLM_tOh_Roewbwm9oB4JarWh_30QaPZLGUdNbnuw?e=4%3aqmwocp&at=9	Get hash	malicious	Browse
	http://quickneasyrecipes.co	Get hash	malicious	Browse
	https://dck12-my.sharepoint.com:443/:b:/g/personal/tanya_mckelvin_k12_dc_gov/EbGhLtD47K1Cl18cC--Ad0sBxiRFwsui9s7PYb2eA-FMZg?e=4%3arCBWhd&at=9__;JQ!!P4oOa0cl!xjyiOci-WnHuSIjf0v9YP9XHTo1mHg1DdlnrlGItn8ysOUKeJHjzL7gjiYG6nZ8pLQ$	Get hash	malicious	Browse
	https://public.3.basecamp.com/p/2D4prniZtSHtN5Qfx4XocXX3	Get hash	malicious	Browse
	https://bouthilletteparizeau-my.sharepoint.com/:b:/g/personal/jproulx_bpa_ca/EYQbKRRM1_VEjGeslLjc5GwB075qH34FcIdpShYIw3DxFA?e=4%3abltg7p&at=9	Get hash	malicious	Browse
	ds7002.lnk	Get hash	malicious	Browse
	https://townemortgage-my.sharepoint.com/:b:/p/cislami/ETa8xXdrX-FKtlaSfOphTioBLICbx4muhejuoDN0jK0wqw?e=4%3aBnR24e&at=9	Get hash	malicious	Browse
	iwqOx.pdf	Get hash	malicious	Browse
	https://jcpconsulting-my.sharepoint.com/:b:/g/personal/maireads_jcpconsulting_co_uk/ERfHfSCzdwpCiQXDqtKNHKkBnVvlszs3rd1CSU_-rQLUlg?e=0TY6UC	Get hash	malicious	Browse
	purchase.pdf.exe	Get hash	malicious	Browse
	fOlUD.pdf	Get hash	malicious	Browse
	aPJ75.pdf	Get hash	malicious	Browse
	http://search.hdirectionsandmap.com	Get hash	malicious	Browse
	https://mbtaroll.tk/Login.php?sslchannel=true&sessionid=Jpvx93y8JgRFpwB2D6S76FwVGVH0eKmArD2DZdvffGrHIfGfryVp0vtNmvQdBq2eIn8T1temjHcqnoXVK9jYs24fgzW8Poywqnsx1f3VYySbZPlY2BXshxKsAiqv4FaDCo	Get hash	malicious	Browse
	https://mbtaroll.tk/Login.php?sslchannel=true&sessionid=Jpvx93y8JgRFpwB2D6S76FwVGVH0eKmArD2DZdvffGrHIfGfryVp0vtNmvQdBq2eIn8T1temjHcqnoXVK9jYs24fgzW8Poywqnsx1f3VYySbZPlY2BXshxKsAiqv4FaDCo	Get hash	malicious	Browse
	nyEdi.pdf	Get hash	malicious	Browse
	CHoyU.pdf	Get hash	malicious	Browse
	ggBNN.pdf	Get hash	malicious	Browse
	KKjNA.pdf	Get hash	malicious	Browse
	IFPoj.pdf	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
NTLGB	https://awattorneys-my.sharepoint.com/:b:/p/fgalante/EcRfEpzLM_tOh_Roewbwm9oB4JarWh_30QaPZLGUdNbnuw?e=4%3aqmwocp&at=9	Get hash	malicious	Browse	80.0.0.0
	http://quickneasyrecipes.co	Get hash	malicious	Browse	80.0.0.0
	utox.exe	Get hash	malicious	Browse	82.27.253.120
	https://dck12-my.sharepoint.com:443/:b:/g/personal/tanya_mckelvin_k12_dc_gov/EbGhLtD47K1Cl18cC--Ad0sBxiRFwsui9s7PYb2eA-FMZg?e=4%3arCBWhd&at=9__;JQ!!P4oOa0cl!xjyiOci-WnHuSIjf0v9YP9XHTo1mHg1DdlnrlGItn8ysOUKeJHjzL7gjiYG6nZ8pLQ$	Get hash	malicious	Browse	80.0.0.0
	NormhjTcQb.exe	Get hash	malicious	Browse	82.1.160.234
	https://public.3.basecamp.com/p/2D4prniZtSHtN5Qfx4XocXX3	Get hash	malicious	Browse	80.0.0.0
	https://bouthilletteparizeau-my.sharepoint.com/:b:/g/personal/jproulx_bpa_ca/EYQbKRRM1_VEjGeslLjc5GwB075qH34FcIdpShYIw3DxFA?e=4%3abltg7p&at=9	Get hash	malicious	Browse	80.0.0.0
	ds7002.lnk	Get hash	malicious	Browse	80.0.0.0
	https://townemortgage-my.sharepoint.com/:b:/p/cislami/ETa8xXdrX-FKtlaSfOphTioBLICbx4muhejuoDN0jK0wqw?e=4%3aBnR24e&at=9	Get hash	malicious	Browse	80.0.0.0
	xJbFpiVs1l	Get hash	malicious	Browse	82.30.74.138
	SecuriteInfo.com.Variant.Razy.803156.13117.exe	Get hash	malicious	Browse	81.106.72.253
	sDSRBJGFaW.exe	Get hash	malicious	Browse	81.106.72.253
	Advice.xls	Get hash	malicious	Browse	81.106.72.253
	iwqOx.pdf	Get hash	malicious	Browse	80.0.0.0
	pty10	Get hash	malicious	Browse	217.137.225.123
	https://jcpconsulting-my.sharepoint.com/:b:/g/personal/maireads_jcpconsulting_co_uk/ERfHfSCzdwpCiQXDqtKNHKkBnVvlszs3rd1CSU_-rQLUlg?e=0TY6UC	Get hash	malicious	Browse	80.0.0.0
	purchase.pdf.exe	Get hash	malicious	Browse	80.0.0.0
	fOlUD.pdf	Get hash	malicious	Browse	80.0.0.0
	Astra.x86	Get hash	malicious	Browse	94.174.22.218
	aPJ75.pdf	Get hash	malicious	Browse	80.0.0.0

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	615
Entropy (8bit):	5.7129191213438455
Encrypted:	false
SSDEEP:	12:vDRM9MyJyzLZiEjlhDRM9HWLZiE8DRM9CFiviLZiE:7WE/8nEK/FivzE
MD5:	FDA999DAB9297709E409513FB4CB36F9
SHA1:	1CB4C3F244D3B322077B5CA45B78FBB1390CBD3C
SHA-256:	1C10719BC98684B3795D84952D92F0A06FC47EA37413DD99BBB428A7CB9898AD
SHA-512:	802FB9D835C362FC323719718C4D4D745FECFE0E234C12435736B84605C0942557DB7213509791FAAB20BBE9D572B0CD096891EFE68AFEF056E902DB62859A99
Malicious:	false
Reputation:	low
Preview:	0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ......./....."#.D&......A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo........C.........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .x...../....."#.D..R....A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo........)m........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ..0(.../....."#.D&......A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo......&.^.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.6601129121331475
Encrypted:	false
SSDEEP:	6:mi9NqEYOFLvEkJswR298Be7Ywcr1TK6t6/l2i9NqEYOFLvEkdwm/tzD3m98Be7Yo:V9zp299PQk39z499PQZ99zB99PQ
MD5:	C9D024F871528ABC89334CAC43B2A31F
SHA1:	BFA7F9C3F4D9B0A6C3C5C6E226974F1498FEF843
SHA-256:	C3B0F978C81D73C0D6C92738DF17EF2596D9302C69AA6BAAEC559F63D4A648BE
SHA-512:	B7B7EEF9394081BC0108F2D4D7E1266F73E1EB32BF0BB099093085F7BDD59FB340F64D923DEB338F11005AF659D7609EE719F49B68904AFCE128B097BD2C0F28
Malicious:	false
Reputation:	low
Preview:	0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ......./....."#.D.\.....A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo........l........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ......./....."#.D'......A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo.......=.........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ......./....."#.DX......A.1.x.'.vI..*\|Z..o...+.4....0..A..Eo...................A..Eo.........;........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	738
Entropy (8bit):	5.643826074171083
Encrypted:	false
SSDEEP:	12:DyeRVFAFjVFAFTblUo6jDyeRVFAFjVFAFbBblUo6jJ/5yeRVFAFjVFAFNUOblUoO:tB4v4vSBtB4v4NSBx3B4v4FSBr
MD5:	5409497B9EFF649CA00312E86DD8055A
SHA1:	B3F11E66E084BE6215D7251E1C115056119E9E6C
SHA-256:	2DC00FBAAA836248559B32109CDA80E2516142AC18AE8F84786E4863A5B76615
SHA-512:	9C5E655ADB51AF5DF037FB05A93D155B2162C2C4DF8CDB960CB738BE63264D1FA90ADEBC029141E0B392B540FA618706409D134CF31CE16CC2FAC40849077E0F
Malicious:	false
Reputation:	low
Preview:	0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ...../....."#.DLR.....A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo......4.d.........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js .2(..../....."#.D..P....A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo.......P.w........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js .z1&.../....."#.D.1.....A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo........]8........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	464
Entropy (8bit):	5.728147322892296
Encrypted:	false
SSDEEP:	6:mNtVYOFLvEWdFCi5RsFriWulHyA1TK6tRi9/ENtVYOFLvEWdFCi5RshCBKRiWulm:IbRkiDzWusszi9ObRkiD5BKwWussi
MD5:	470DB1DFC70724B4E0770D80F5F38AD6
SHA1:	51A91444734C3F1DA21F84DBF20BB27754F009F7
SHA-256:	7F9BE03D71D9BD40C07C70D1807874A14867515A7BEDC0D3953B0AE6101E38A2
SHA-512:	56C53A6F22677263E443C1D5831018F9140F8CE1DB97D192F68889BF90CA6BC34BB08D155B0B01451A89EBA4B76106F649FBF874C4E874C725FEB40F918EBC45
Malicious:	false
Reputation:	low
Preview:	0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ....../....."#.D.g.....A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo......;...........0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ..7..../....."#.D.^`....A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo.......<6O........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.581940373979228
Encrypted:	false
SSDEEP:	6:m+yiXYOFLvEWd7VIGXVu0nXzPVyh9PT41TK6tit:pyixRuenTV41TEk
MD5:	A71486ED687ABF48E8115D23E14E4000
SHA1:	AACA03312D7AC956A8224BE22DAE3254211A1EC0
SHA-256:	673E46112C96E4262543D9D2C95B89F3E74BBAE7CFFBC531524A6121CCE1F793
SHA-512:	D10DF411341ABDC0677ED7BB0B378D3E146C9B2DE17F9A6190D531B8A470F9EA831CF8636E00CFD5F35A26B1EFAB0EB1EB5C946AEB0D960BE25F024B953F17E2
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js .Z.'.../....."#.DEH.....Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo......x...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.615883494970557
Encrypted:	false
SSDEEP:	6:mvYOFLvEWdhwjQT2+X9sLZIl6P41TK6tnl:0RhkOeLZCx
MD5:	8350E6C77FAA2E3DCBEB3FCA827B45EA
SHA1:	CEF764CA5C4A39C05D91AE46781A738627A84A46
SHA-256:	843875F28D0FE504EFB0CD3EA3D33AC5DA143D9ABDFA78DB8F59E98722026ADF
SHA-512:	2250735F99B672ED89BEEE829EA392BFE7CBDADAAF02254F60FD5BC1848BC6A981236EC37F7672180F2169FC9F652C43C05018F04DFFD410E26A6D0B8127690A
Malicious:	false
Reputation:	low
Preview:	0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ...#.../....."#.D.L.....A.].>....uUf..N...k......c..l.A..Eo...................A..Eo......-...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.521424744378764
Encrypted:	false
SSDEEP:	3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuVot/O4apRdcyxMtv9EWm1TK57:mJYOFLvEWdGQRQOdQDO4apRt6g1TK6t
MD5:	2A003C34AE906645C73784471519CB39
SHA1:	CABF1B3A4669301F8B64B0480F666557088A704E
SHA-256:	B546CF5199D89F81152A91A300C412B7DB1870FDD71C35352172FC3CBEB229D0
SHA-512:	F54E653E8DE88CC73214AAE6BC4FA248CCDC08BC85CA4A7DCEEB27CC279B300071ED5588C8E1B7ADC7C91EBE73A3DB6EF0D3544F1A405093DD65A445AC8CD618
Malicious:	false
Reputation:	low
Preview:	0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js .A.'.../....."#.D.].....A..c..y/L....\|y.n..C/I.....X7-ne.A..Eo...................A..Eo.......@.\........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	537
Entropy (8bit):	5.625283903114868
Encrypted:	false
SSDEEP:	12:Z5Me+1hMuR/EeB5MwtUMuR/EW5MHheMuR/E:ZSeWmuR/EeBSYuR/EWSHVuR/E
MD5:	76E00D4183C0AF9F72BAA6260F4B5FB0
SHA1:	6814D8C71C6600E6CE25DFA37A7C06056042E5C6
SHA-256:	1DB6C993457B03BC8133210CDEF9B1D986A8EAE00DC8D895D41848DB4FCBC0C5
SHA-512:	E361094B3A36A48BFBFC6037603A55EE3875DB77676A0B1D8B8ACA4E890B3F1B4101020CE36D4C9FE8AD1CF2C47DB0F86202B8071779CD265F8DCA725F8D7900
Malicious:	false
Reputation:	low
Preview:	0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .?...../....."#.D\|......A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo..................0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ....../....."#.D.f.....A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......O.. ........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ......./....."#.D.3.....A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo........q.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.538833878319842
Encrypted:	false
SSDEEP:	6:m4fPYOFLvEWdtuJecIWby0zBUKSAA1TK6tU9:pRmtbe
MD5:	5292CE6DD1F381E15E7928E5A145D84C
SHA1:	B2281C0AFCA35EE99CB9EA96B077FCA6B021B320
SHA-256:	F098A1F33543B641E3B6D7056B9EF5BEEF6AC984CDF1159DB825150ACE71826B
SHA-512:	E7F129D03A9B2D184696EC9E5E8033F85CCE9E2E77AD6467C16C2D9AE04C3B5F630220A6F6C0EB4BC633EFF3C308F5D7FB3E4A091D3C9F8E120F65D72D7A0E4F
Malicious:	false
Preview:	0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js .Ze(.../....."#.D.......AQ..E.=....=h`t..t..3%A.F$..w..A..Eo...................A..Eo......$f..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	531
Entropy (8bit):	5.569597901623291
Encrypted:	false
SSDEEP:	12:KkXxKMSCvw/WotUl4kXxKMSCvzfotUlvCkXxKMSCvXk3tUl:KkXxiC4WoW4kXxiC7foWvCkXxiC/mW
MD5:	44BAA70A35528F0FEB8EEC8435BCF122
SHA1:	CF629DCADE2CADDC684E9AF7895B81350F883470
SHA-256:	5B0DA5EC25D8611535D7AE0716D8C0CA708B7BA81059752C4221D5A097C8F436
SHA-512:	5CE108467BC889CB87629CFDB1EC75EAE27F3A311E8930536FE1D661A7103029586D20D4126A88E3C258D422A710A211ABCECBBBF1BAF7B4F3522A88130525B2
Malicious:	false
Preview:	0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ......./....."#.D.......A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo..................0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ......./....."#.DE/.....A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo........W"........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ......./....."#.Df-.....A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo.........O........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	561
Entropy (8bit):	5.609117070264812
Encrypted:	false
SSDEEP:	6:mkl9YOFLvEWsfOL21t1JyM+VY1TK6tBlMkl9YOFLvEWsfOL7XXyM+VY1TK6tm/Ep:5h6OL2hEkLJh6OL7ekQbh6OLppmkKN
MD5:	CA9BFA9A2B19E9C1266EB56F8DDFE41B
SHA1:	D526366DBCDD46A96AFC47E095490508F54DF9FA
SHA-256:	17A4F84DE4F5C9C7249D95D9C7154BF7860D8F3FC1864111C3E6DB6B02030B93
SHA-512:	38825080984CBC9E889947B69A45B445C2C91CE2C99E5F3FBAC97CF2324552FA7A3690DDC716BAF6A0DB8F3D62050DFA1FD8079B4BBC6EF36BFFD75183F32F31
Malicious:	false
Preview:	0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ..o..../....."#.D.......A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo.......+..........0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .J...../....."#.D A@....A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo......./;(........0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ..!.../....."#.D.\|.....A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	732
Entropy (8bit):	5.648713593517366
Encrypted:	false
SSDEEP:	12:URVFAFjVFAFDd+wSeKaTLngcRVFAFjVFAFMuxwSeKaTLnjeRVFAFjVFAF7A+wSez:UB4v4h+wzXLngcB4v4MswzXLnaB4v47I
MD5:	02B3EDEB14BD9DFD5279539D087E0FE2
SHA1:	DA362C86DCA53008D8DFE85BDC5771018C4F1B27
SHA-256:	3C9459089979625B0655886C987696B01CA1415B586E13913053D1DB3414A6DC
SHA-512:	5C30343C282CF9D9D118F0A33D5CB80890FA8C2AF62223B1A391AC264E5D54C57CC6801A5F4DEFCB717295CE5499A80138C037E2BF20074800B62C834EC6A8F4
Malicious:	false
Preview:	0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .nR..../....."#.D%>.....A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo......3..N........0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ......./....."#.D.\|U....A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo....../.m#........0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ...'.../....."#.DA......A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo........h.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.482359043493777
Encrypted:	false
SSDEEP:	6:ms2VYOFLvEWdvBIEGdeXuqerY11TK6tVl:BsR2EseaSDl
MD5:	AB1894846869EC3AB32BD3604247A82E
SHA1:	95A524EBD919507339321C457C342B94CAECED53
SHA-256:	3CE1038C1B849A51081EAEEBAC0B60188F12B2576F8DF498359F200C4C8EB529
SHA-512:	9AF4D84EE9C50DD01FB0936A087657367E2970CEFD968756A3B82C6F150333DA7F228D70F9836C9000A394D13F7BC9D41ECB02C4798260634D8A574DEFF6C0FF
Malicious:	false
Preview:	0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ..n&.../....."#.D.v.....A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo......_N..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.626254652472194
Encrypted:	false
SSDEEP:	6:maVYOFLvEWdwAPCQuwqOIa+B7OhKlvA1TK6t4w:RbR16RfJkb
MD5:	6AC0A28B62543D334E825D7E393AB0CD
SHA1:	6A967E49E822DF972AF0DE519ADBB97697EDAF80
SHA-256:	74A2047562EFB5E60BB997744B7B45D46433DB3891536475DF8D07E0C3726466
SHA-512:	3379AABC148DE0FF97482726017529CD12AD994E6871157D2B79871E9B45D53049BEAE4C04DB91D144A4D9E237B43022971CC5FE908D0C98BD265C92DE3878A5
Malicious:	false
Preview:	0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ...#.../....."#.D.......A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo........e.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.601298986112071
Encrypted:	false
SSDEEP:	6:ms2gEYOFLvEWdGQRQVu/ojQdFt1TK6tet:B2geRHRQjj0A
MD5:	844960B7F962BF5C525488CBE4D4385D
SHA1:	A43E02634B944D6AEF0452D4EFD707B86F63981A
SHA-256:	46DEF61F7E4DBAF82DD91D4EC223BF3FCF4A54FC377AACF84F441E1555C8DCB6
SHA-512:	44ABFF81C3C1A5FB275364DB4B37CD7A3799E107E28C7E6321880201B29FF8C122818ED8A45B822E960D3FA734326F6C8435639E8E4EDAEEF8A5C36797DF9097
Malicious:	false
Preview:	0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ..I&.../....."#.D.f.....A@..{o]...9o\|..qY....T....{..u.b..A..Eo...................A..Eo........K\|........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	618
Entropy (8bit):	5.670263699563127
Encrypted:	false
SSDEEP:	12:WyeRlkAt1wAyeRlgsAt1wcyeRlgT4t1wC:WJsAfwAJIsAfwcJ7fwC
MD5:	3F7E26D8F8FD65AAC7D9549E76EAF8DA
SHA1:	F7497717E23FCC6C5658FC4CB6C7CDF3E393CE0A
SHA-256:	2CF73E72B9991BEA2DD8948FCE99A9181C9E41EB2A6108CFDAE21B7BDECA2976
SHA-512:	ED39DE4062BF155CAA80F9867C1A862C9A11235AE70DAFF0E8333DBF3776744AA7C1CAB13AEA055CD68C092F7305C29C9DB41D008123EA7D708CB75E6789B322
Malicious:	false
Preview:	0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .<T..../....."#.D.......A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo........D2........0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .;...../....."#.D..F....A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo......p...........0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .:(".../....."#.D.......A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo........h.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.575949036470007
Encrypted:	false
SSDEEP:	6:mnYOFLvEWdhwyufX5JCqwK+41TK6tXyt:wRh6JjwK+EUt
MD5:	738C733B5F0DC06B140F4A539862F1D8
SHA1:	8CBC219D0281465D51DFC86AA09321617D4E6FAB
SHA-256:	4E4F7A4A490A1DF4417BACF670922CE7674982940A2F0907D3FAB350B11DDFA0
SHA-512:	0C73D78110709B7354C22896DC37728317E7023655066E75C95C9E6995D5F2A332F829FA71829613ACF9A8970FAFEC09631BAEB75391A07DDB721BB2E82F3201
Malicious:	false
Preview:	0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ...#.../....."#.D.......A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo.......I$.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	690
Entropy (8bit):	5.598559341002561
Encrypted:	false
SSDEEP:	12:/RrROk/bfLEUCVRrROk/2pfLEJvRrROk/yLfLE:/PJ/b4UCVPJ/a4JvPJ/yL4
MD5:	C44DBDD17916BE64DB5A0E60EC773AE6
SHA1:	64A77CD116766F3CB127EF582D45664502F7111A
SHA-256:	023FD073FD4A8D8853E9E98DCDE1FD3F32059D58C1EE408D651FF2A45DD90AF4
SHA-512:	58B3C2C78AFCA3DA01D5E4C9ECDA33D0E04B5B595FAA2282731A1784ED5BC0363E348F94E231A1C669CEC2813529259082ECD8758279A46CB92D085305C7021F
Malicious:	false
Preview:	0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .cR..../....."#.D.......A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo........s{........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ......./....."#.D.mF....A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......[..?........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .i&".../....."#.D(......A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	558
Entropy (8bit):	5.617927785864058
Encrypted:	false
SSDEEP:	12:xqTU82CPLn29XjqTzfCPLnEjqTQeSCPLn:AD2Mn2NmPfMnLJSMn
MD5:	9106C37254ECE04FA68C01CEC6CE91B6
SHA1:	A7D0395FF292179B11705E4BC022A1E000C8282B
SHA-256:	2F80A69A7B785648AF5074EACFD483E511E092DB39936DB6ECF19F0969493D10
SHA-512:	F7A9AB2D47987CE8C72AD5D1C5F17BE4D547CBAE75003BAB3422A950935E1FF28E995C13D1243ECEAB67FE529652EC3AC2086051B29C5D9FD00E82F62215627A
Malicious:	false
Preview:	0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..`..../....."#.D#......A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......X..y........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .n...../....."#.D.8@....A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......._.3........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..\|!.../....."#.DOw.....A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......A...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	621
Entropy (8bit):	5.6910393784317606
Encrypted:	false
SSDEEP:	6:m52YOFLvEWdMAuHltKlsEJ41TK6tj52YOFLvEWdMAuflt+mQIsEJ41TK6tV4tM58:zRMQsDQRMk2sDEtZRM5clsDQ
MD5:	F448D60C518DA4FCACAC0D57B757AAB9
SHA1:	14B5C3D777B043887D66DC5A9AE82F7809E6FA12
SHA-256:	B9C47C86435358C0967720E06E2C3334FB47318E87238A2DE7C75AAA7E4C0452
SHA-512:	B2CDE8BDF06FF18554CFBBA7689AF63DACF6E7A9516976E7367DB0F22F384029228812B8978A1E7D6C98D52A9073A79C9210DD7A66F8B78297D7E8446970962A
Malicious:	false
Preview:	0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .X...../....."#.D3......A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo.......?..........0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .R...../....."#.D..P....A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo.................0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .4.&.../....."#.D.......A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo......V.Fn........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	630
Entropy (8bit):	5.646163027101371
Encrypted:	false
SSDEEP:	6:mYilPYOFLvEWd8CAdAuFhlt+J+Fong1TK6teYilPYOFLvEWd8CAdAuxItHFong1C:6lJRxmoMQlJRRoMmilJRzioMv
MD5:	4A02BE41D2CF0BDD649CE03880B80222
SHA1:	F189F764BDD1DC0AD5B757C0FE4E13540FCF554F
SHA-256:	042265508798E0340AB43C7D7CA9E04E47638257E07CB5409690CC93B5132141
SHA-512:	05E52E3445DB5D6FB3D008098B58F82C187B537AA3C473A769E29FECC8D0EE36C3B38685488E7E41B1F15BB87FA10752E55F28124E3A5E8C3C9FA94423ED3C6F
Malicious:	false
Preview:	0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ......./....."#.D.4.....Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo......W..q........0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ......./....."#.D..P....Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo.......pi.........0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .P.'.../....."#.D.).....Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo.......s~.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	669
Entropy (8bit):	5.6647940159275425
Encrypted:	false
SSDEEP:	12:F8hRrROk/8Hw2H8hRrROk/Z25V8hRrROk/KGRX2:UPJ/qw2yPJ/Z2+PJ/KGp2
MD5:	01E5B8756ABB1F6FD9EF738BFFAEA53D
SHA1:	E08442A7DCDF5EE7BAC5BA66C644A4A5B4A6AB9C
SHA-256:	2A4202BCAB4EF2CFDAB1A30E267BF6255BFBA0B335D8CB7E23B946DBA38340F7
SHA-512:	5DCF506DDFA1B1815571B64A77B9FAA1434F93AC81925A6D94ABF835893C58AA819D9C534C96C9C14906D1422F448A89342667B7583760387928A28221056C1A
Malicious:	false
Preview:	0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..2..../....."#.D.......A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo..................0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ....../....."#.D.WF....A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.......\.:........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ...!.../....."#.Dy......A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.......hT.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	639
Entropy (8bit):	5.7104649194371895
Encrypted:	false
SSDEEP:	12:ehRcRNJIC9blQhRcPiNJICnUhRcV8NJICV:ehIJICllQhyYJICUhHJICV
MD5:	40FF02896C1514DB2CC1D84C23D466C3
SHA1:	77EC7B6092F85B68FB923A0CDDB2D2B62A512B0A
SHA-256:	BD34C016D87BED6D3EF18F9EAB9A7B5B531F4712A112669EE6797A851EA2103F
SHA-512:	DA5C36DA9ABB44CC4A153650FDD8C03BA9B40146F7926EFAB922D88F0D66E00BDEF5933473EEC90774763411342BC88E296765CB41577488A5A4804EBC4FCC42
Malicious:	false
Preview:	0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .n...../....."#.Dn......A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo.......fS.........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ......./....."#.DqVG....A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo........\|.........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .\|+".../....."#.D.7.....A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo......,...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	624
Entropy (8bit):	5.600160986691641
Encrypted:	false
SSDEEP:	6:mOEYOFLvEWdrIhujeFP8Lzgm2d/1TK6tR+MOEYOFLvEWdrIhu3LtlLzgm2d/1TK6:0R9aPiReH+CRNfReYkRtvRewt
MD5:	DF80BB86105F2968F1328FD8263C8E04
SHA1:	7C024EB5B99DEEB53A464028E47FA71AC1062DC9
SHA-256:	BAA0A2AD03E94F3552A8A42F334BEC0F8672CF885971E26E25E0CBD839F7C21B
SHA-512:	92E3133F4764506F35DDF07BEC7FFD5666B4DA677914C1696E9A8CBAAE46128D008909846A434D0D75A9E6834F8A6059FB22AFB61719EACDDEB527912B5E828A
Malicious:	false
Preview:	0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .B...../....."#.D.e.....AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo......?.(.........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .8...../....."#.D..D....AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo......DBu\|........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .O.!.../....."#.D.P.....AZ.Z}Q..4.o....0+..[\|..n:*..U.W.A..Eo...................A..Eo.........+........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	564
Entropy (8bit):	5.677360027156006
Encrypted:	false
SSDEEP:	6:mAElVYOFLvEW1KetOFhkx56uvp1TK6tuMAElVYOFLvEW1KmOkx56uvp1TK6tKAEh:6JJKtXIJJJKZI0JJKrQKIR
MD5:	0315E384C9F9C8649043EC62E3A1D6AE
SHA1:	7E125BF88236AF7A977165874089C96E6C391AEA
SHA-256:	22A71781ACCADF2A9192EEB5E04B118F810D06A0B3E45E039F4D1AE61070473A
SHA-512:	A7D2D0E0EC49C8FCF6E0760B3B55CEFF3F6B48765364C749469C463FB2A7405CE4E780DCE4E1BE9649183379AE5450D9AB09F9909BD1C325BBA0B81F1730724C
Malicious:	false
Preview:	0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..l..../....."#.Dm .....Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.......-Z.........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .Q...../....."#.D.'....Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo......2.B{........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ......./....."#.Dg......Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.......!..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.650809062083453
Encrypted:	false
SSDEEP:	6:mWYOFLvEWdBJvvuTTOghUDLYtmOZn1TK6tGN:xRBJQODcFZLM
MD5:	EFEAF6077F1F55C01986978691FF5273
SHA1:	24F20D0A64551922F732979F1FD2AC8C384B0AD4
SHA-256:	B0507E04623DDFD5CBCF13C5805D84F98192F84E5FBC3827C04FC14F22ABC918
SHA-512:	295DDD354052DE9A6D2C7598342E135D3E49BA108E44228CCE9832F3D4BB3F4AB88E02C81A02BB824A3FC5465D98534667A907B73BAE5C35840710FCF5788E64
Malicious:	false
Preview:	0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js ..r&.../....."#.D&......A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo.........[........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	633
Entropy (8bit):	5.671149856044033
Encrypted:	false
SSDEEP:	6:msRPYOFLvEWIa7zp79/t+87VPu1TK6tm9/EsRPYOFLvEWIa7zp70WtvuRVPu1TK5:BPHz/Qec89rPHyAwcclRPHqc
MD5:	84F27F056B79145569D7C1637FF63A9D
SHA1:	07D08ADAFCC4B07CCC71B1FB643D54A1D8AE8A4F
SHA-256:	95C32082ED8E0DBCC37C43EADE48837DE90B1D840FB897BBF9EBE03B98CF5815
SHA-512:	715D0727E775FE702A1CC4F94672C57CD62FE4FCB967A00EE350297C0338795CD3D57D38373FC2DF6A57CFDA2BD7287536CF1213CCC8F2B2BF8F00F3194EA0FE
Malicious:	false
Preview:	0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ......./....."#.DV......A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo......O.Q.........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ....../....."#.D.%.....A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo......50mq........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ......./....."#.D.[.....A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo.................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.603694806212925
Encrypted:	false
SSDEEP:	6:mKPYOFLvEWdENU9QZd1w2ViM3Y1TK6tIl:bJRT9iTVr0
MD5:	9EE9DD7A5124A1A53BF056D35D993831
SHA1:	27C8FC4949D4DD26D08CDA75104812CF28BDD10B
SHA-256:	F4EBD440F1C56CE9954485104F43E4B0A1766A1144EB30049910F5C961FDCB48
SHA-512:	B4EE5023CEA91F62781876820C053F4D8797C252CB3420DB5AEA7BC33680DC9212BA7D36D2BBCE0D57FD7340A8BA4991CFBF822568CC1A048433329E74366A12
Malicious:	false
Preview:	0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ...#.../....."#.D.......A...M....m+lS..e.....<7.U.P8*.0K.A..Eo...................A..Eo........].........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.63900720028959
Encrypted:	false
SSDEEP:	6:mQt6EYOFLvEWdccAHQwyxl8QjBRCh/41TK6t:XRc9NshDi/E
MD5:	B3D3FF58E8D4CFFFC54D758232762740
SHA1:	35413569EABC397D10BFFD4A7B7E333E24109265
SHA-256:	7D8ED716E4BF91EE0D71ED76468ED7A1C6316E9B62619301633D2D1F09CC7DDE
SHA-512:	4614D0623327B3EBE30D3FC0BDE5FB47A8D75604BEC4BB4B8BE3A846154EE13EED5F7F5CB832E04212733831DA66EE09DEC1B5EF100D3D259EC2271B3155B055
Malicious:	false
Preview:	0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js .H.'.../....."#.D.......APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo........-.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	462
Entropy (8bit):	5.620648531124488
Encrypted:	false
SSDEEP:	6:mqs6XYOFLvEWdFCi5mhu9y8qk5ULlF4r1TK6tYFqs6XYOFLvEWdFCi5mhuc0UxUT:bs6xRkieTLlF4n+gs6xRkidUiLlF4n
MD5:	C756F945537CA4D8927E79BD7CA4629F
SHA1:	9C3986120258DFC581B0AC1BB873AC2E47504F85
SHA-256:	B0B317BA9109B03729AACCF934213EB0B73B7962B9B59B1E3F7E0BC8D7A304F0
SHA-512:	647B1D870F09E04F1585BC46CE3D249858AC8CFD56AEAC0399ECD1A50429CC002FFCD47F9F8F0EDF14EFCDC5559AE69EDD5B155B68EED4CDF7579AAA4C75F103
Malicious:	false
Preview:	0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js .]...../....."#.D.......A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo.........-........0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js .9/..../....."#.Dg+H....A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.504281726105635
Encrypted:	false
SSDEEP:	3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvjgmt/qJECcu1isLK5m1TK5ktuF:mhYOFLvEWd/aFu5gm1qJY941TK6t
MD5:	14A5BE566A8D3D0CE4A3057A0E921528
SHA1:	3BF5FDFFEB56E06D27E9377A5450E7CDAA9ABBCD
SHA-256:	9BDF462B9FA80D3421295E560457C3C4ECEDD1F74B1A62FAFE753DCD677DD638
SHA-512:	E63B907A5512927EEF68B26C8A6A70FAAECC9BDCA5E85C94780DAE28DB511C45FC1DA13B48D1793524A93F732D97272FC769DBB0B6E7CDA803E53A4171E58CF9
Malicious:	false
Preview:	0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js ..h(.../....."#.D.......A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo......}}\.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.52927473695395
Encrypted:	false
SSDEEP:	6:mR9YOFLvEWd7VIGXOdQVFXjxoBMqVd3G4K41TK6t0:2DRuRmdxoB9Vd2k
MD5:	E615313A2B84523927E0E8ABBD3D2185
SHA1:	446B896DEA03987D1DFC4698EB239EF0C8964039
SHA-256:	442B8C4ABF9721CE0E33600536BA119FCA011E668A0DD69B97A348A2CEC7B6C7
SHA-512:	4B88E566BF5C9C955D1AF42A374C17CA2D63C97C0A57AD2999FEEE4F0633F98F2838BA1FECF0C21216AD297B944ACF0BED0100BEF398E549D462CD2D2D5AE1CB
Malicious:	false
Preview:	0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js .-6(.../....."#.D_......A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo.......T..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	624
Entropy (8bit):	5.672771903064663
Encrypted:	false
SSDEEP:	6:mkqYOFLvEWd8CAd9Q5PYWoHouA424r1TK6tP9/EkqYOFLvEWd8CAd9QZ13LlouAh:+RQKLoTrnZWRQcLBrn+RQTcUirnqq
MD5:	D708CCF3E6B085A95010ECB168731B2E
SHA1:	164D1EB7962F5B949A2706E955A356018D8253D2
SHA-256:	098B658D316C96084E0C7737F8DF2C209AADB81AFF7E9C337E657CC324F14C45
SHA-512:	A49492EDEC64E55DA298FECCCE8C95197C67E24D4EFF410788E12DE99AAFAC3532727E656298BDCB963D75B70089D191C9B0660A690271B91FCECD5D44C02CB9
Malicious:	false
Preview:	0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .U...../....."#.D.M.....A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo.................0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ......./....."#.D{.S....A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo......!}U'........0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ..5(.../....."#.D.......A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo........wC........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.606571055979183
Encrypted:	false
SSDEEP:	6:moXXYOFLvEWdENUAuo2+XQu4yC8n1TK6tHE:xhRTmb47QxE
MD5:	2CDC413ED3FA75312CB2F94C8F7C5380
SHA1:	9EEC875C102C4FDCB9D9D304E17B8D275219CE5B
SHA-256:	CFD20ACB03938D51E2C37680F006154802909E9D6E2478D5E24BC15877C3E5F6
SHA-512:	BD0A9AB0B123922B370F1387B0D0AC1835604BDC7B201D2CF31704F17B5C5DDCFBE04DA82089CFB2EB2B86A3662DDA0E28F57AE270B7C172F5602FDDBF50A5B0
Malicious:	false
Preview:	0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js ..}#.../....."#.D.......A8.../...;.\\o....1..........+..A..Eo...................A..Eo.......C..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	442
Entropy (8bit):	5.653566648638605
Encrypted:	false
SSDEEP:	6:mQZYOFLvEWdrROk/VQqCInbdLmB41TK6tF9ReQZYOFLvEWdrROk/VQVwyUCkBLmW:nRrROk/VUIbomz9RfRrROk/VOkEmZ
MD5:	56CAF7DABCA9EC1F928728F21FD65EA4
SHA1:	D3A3758CF27EE0B9D3843285C4A96216CA738F02
SHA-256:	B4C38093342AD4D3ACA3B3E6F03D3C05F4B80A982F373344727744ACD90B99B1
SHA-512:	D9E163852381E4CB1CAF8571216CB0453760324BA44B5B2B964CEECE54C65B366452EEC172758360B640F6BFB673721BBD0D9505859AE0511D8310062712F266
Malicious:	false
Preview:	0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ....../....."#.D.-.....A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo..................0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ..L".../....."#.D.`.....A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo......Wcw.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.5686348854142524
Encrypted:	false
SSDEEP:	6:mZ/lXYOFLvEWdccAWuXnKfAdm9741TK6tW:qxRc1ndu7E
MD5:	4DFECA3A3C2F950FD312D91F8BFBA449
SHA1:	99CF0B2EB0C2D15FA9842E310DF28733AE5442BC
SHA-256:	514BD767721EE735B12478BDA38DA620DFFCD11C323BD5A0C77E088E87A5E940
SHA-512:	D6576561B3353726B92F40062726F1100D4DAFBC5832EE974AA13A1818070AE67E743503EF9587B12D18E0FE8CDF3D6AF88F3EE439D8B216ABF6F5DBBA2CCA5D
Malicious:	false
Preview:	0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ..=&.../....."#.D.X.....A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo......?.0g........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.605139931367198
Encrypted:	false
SSDEEP:	3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFv1Wl/prfau6shoq+Nem1TK5ktHX:mMOYOFLvEWdwAPVumdiJn1TK6t3
MD5:	1F2A34A631EEF5BE5FF88C8CBCF4FCB4
SHA1:	3D17E971C8B6253E113E39F4FB669297488EECD0
SHA-256:	4364E31432882BA3285D079FEA8B9C26C0E51B70D29A5B96F83469D4776FE0AA
SHA-512:	3B5E6D940F47910B79CD32CF37E6B59056DF0E02C2683109A6784F30DDEAC6F66E20C650A9FAEA70F4C6F71373837F3A82767C0DCB152535CA38FCACFD33823B
Malicious:	false
Preview:	0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js .q{#.../....."#.D.......A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.645174345621153
Encrypted:	false
SSDEEP:	6:m3PXYOFLvEWdBJvYQXHxy2zhcsBXIh1TK6tNt:mxRBJQiRy2DB0Z
MD5:	0BF9AAE81FC2938B6AF829360153BAD7
SHA1:	E66A7E4A6482D943F025FD834076BF173A76DAFA
SHA-256:	DFCDFF0EB6BB256A03DA82CEE928121FD15D334CE5595195A9293CF490F39CF3
SHA-512:	DBF0B1620953A0709304CB196BD8B26EFAE3CDE3533F77441AA7FD6EB565490E5445A948C682DF2ACDBEE3A6DF3CAF73906D7ECFFADE48583CB17BB47E0ED23B
Malicious:	false
Preview:	0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js .+.'.../....."#.D.......A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo.......u.Z........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	684
Entropy (8bit):	5.6436220219182935
Encrypted:	false
SSDEEP:	12:3RrROk/sgMcvRrROk/sF/0cqRrROk/sXcRGH:3PJ/1vPJ/Q/BqPJ/HR
MD5:	CA779C1BF9B080266E3EC0576269184B
SHA1:	061B641FC321FD474D0CFF2DA8324A6AC70DDA3D
SHA-256:	182D6C94D0091BCA08DB074C3467F9F9491A57267D2D79FE0FF864568C43A2DC
SHA-512:	3071A3B2294AFC58AC46E87D595C81512E802EBE93645D5D0E7FDF3E47962D30E09D7747CEAFB9EFBF4DD6FBF7C17E7589838079B9BD6E82BA608041FC4D12E3
Malicious:	false
Preview:	0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ......./....."#.D.o.....A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo........h........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ......./....."#.D..G....A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo......)I(y........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ..O".../....."#.Dw......A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo.......j1.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	Maple help database
Category:	modified
Size (bytes):	1032
Entropy (8bit):	5.128351631978401
Encrypted:	false
SSDEEP:	12:gUWuMGvVDOE8TMzl2Y2TwZrL5hpXAyXZc+8TGA5tlzcqKAy6GZjNc/NpLnn:lPVETMUYNHAEZ0Jncwy6dFpLn
MD5:	BBE5867BA77632106E5195E819654492
SHA1:	CBA3180DC3E6D8A4FD820133BB77BD6E5B42993A
SHA-256:	31FB8365810DCC89AF02FC5A318838C97D4B47D9E9975E363A34F8AD6F8A5347
SHA-512:	C9F1B86EEA779D88C25FA6CE43F2484761A2F51B24B76689A56B1D348A2641BD9121049C3B4F36DFEBA947B211281E1156A63902019B9F155AB8939B9B373456
Malicious:	false
Preview:	.....D`.oy retne....)........T............3....r..../..........v...q...r..../..........C..M.....k...............#...(...k.............]...I.@...../................@...../...........6<\|....0..../.........<...W..J.0..../..............oB.0..../...........a.....0..../...........;.y~A..r..../...........P....V.r..../.........F..=z;..r..../.............o..r..../..............r..../...........2q.....r..../.........Gy.'.h..r..../.............k7A..r..../.........:..N.A...r..../..........;/....r..../.................r..../............P[. q.r..../.........,+..._.#.r..../..........J..j....r..../.........A?.2:...r..../..............q..r..../..........u\]..q.r..../.........!...0.o.r..../.................(.../..........o..k....(.../.........^.~..z...(.../..........[.i..%...(.../..........+.{..'..(.../..........@..x...(.../.........)....J:..(.../............MV3....(.../..........&.S......(.../.........+.U.!..V..(.../.............D.4...(.../..........~.,.4>...(.../.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.207303728472163
Encrypted:	false
SSDEEP:	6:mueqIq2Pwkn2nKuAl9OmbnIFUtp/eMZZmwP/eMzkwOwkn2nKuAl9OmbjLJ:Pe7vYfHAahFUtp/eg/P/eI5JfHAaSJ
MD5:	0AFFE19A5743ECEC6D27D63F6FA35A47
SHA1:	E57B068D4B7CF03E514D52B2FE1A387D1CD5B2E2
SHA-256:	AFD383212DDF3E35DFBAF1CFB90F41EEFAF31C998B4B03CB7269D131E43B4636
SHA-512:	2A288062C534C04BE6E6095783EB1EA59512F9CE5E754B0B2B80E67804701CD906D326FE37432F6A02A21790A72D49AA810D7EC1167DB76BE7AF86D6BE952E28
Malicious:	false
Preview:	2021/01/06-19:40:43.594 19f0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2021/01/06-19:40:43.596 19f0 Recovering log #3.2021/01/06-19:40:43.596 19f0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.008399703044392193
Encrypted:	false
SSDEEP:	24:TmbsmbPXytHwytHwytHwytHwytHwytHwytHwy:TmwmEHRHRHRHRHRHRH
MD5:	05C31564F5D129E37A363E150A042D4D
SHA1:	FA62CA0C75E503D2C5E83FE48A9846CD48FFF480
SHA-256:	64044EF0EAA6C2CCA1F6D5E32B8C1AD305D642A8AF7F91C89CACC2BF8642C5D1
SHA-512:	895CB367D69A3A2D619868DBDA6DA0EB5FFDC20D6B9B2740E7CAE3F9ED91F29BFB9DBA5FA68E72998E92AE68B66BAB551A53B48575B3CD1C27ABE3C923E1FDAA
Malicious:	false
Preview:	VLnk.....?......).0k....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-210106184038Z-190.bmp Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.7899856945756984
Encrypted:	false
SSDEEP:	192:FqI0uXDdvGYL9r34qfQC5grW4Yl/sF4d90rXaDIF/uEJJpeI7Y:FJlXD1hL93RfzSrWlu4d9iKDIPHpu
MD5:	BAE95E8DB3A54B7A318D4FAFEDD39BC1
SHA1:	9AF96D1787DE1602834EECDDB00A1716376F5C96
SHA-256:	BFDAD7199AE27F715C96A81A3AA0DDD4E88758465E58288E2B18CD956B2349BE
SHA-512:	5E41BCB8FF457564165044AA3418B203D321F89FA0D96751446CEDD5315C6AE517A59711E69F95A7BF65170D866E1EE3C554E8D8AC685D5942D91B46FEA90BD0
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3024000
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	3.4486362451724215
Encrypted:	false
SSDEEP:	96:k49IVXEBodRBkWCgOOh1CKj49IVXEBodRBkWCgVOh1CKT49IVXEBodRBkWCgVOh2:HedRBmedRB5edRB0edRB3
MD5:	8EF74993391E51928562B084725356F4
SHA1:	092915212572FAC0775C11029FDFB86A0C981D97
SHA-256:	1519458975DB1C14AF4DA5BD8AC4F5F7DA367B15DA5E44BC6CE69DC9DF1EE886
SHA-512:	3DFDD5DE41B734E1F9CAF5FBBCA77F56564036FD485197D4762B5BD672438703943B9788B1C63DA5BFB5636B42A9FA761A01FB637A795EBDD1EC90B82EB4C928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	modified
Size (bytes):	34928
Entropy (8bit):	3.314946896758771
Encrypted:	false
SSDEEP:	96:7CgOOhZCPg949IVXEBodRBkaCgOOh1CKyt49IVXEBodRBkXeCgVOh1CKSd49IVX1:FiedRB4SedRBKaCedRBVyedRBt
MD5:	35455DB20624988EF2AAE86D31441476
SHA1:	FDB44B13CDA6A1C3A5140129D2CB0942BA1B4C8B
SHA-256:	98C5BB249CAC63CC94C2DF1773EE18AE177C03778DECBABC4D1AEE2ED74243C3
SHA-512:	158BDC42C4E04ACD46CF51BC175BB801B0E717C772D68FB01EE3B26E6B9AC0F5DE90BE76054376F268700A49F43578897660112A88EE591285EB172EB44D1DB3
Malicious:	false
Preview:	............G.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................W....X.W.L...y.......~........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.7164 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	157979
Entropy (8bit):	5.174259815365338
Encrypted:	false
SSDEEP:	1536:amNTjRlaRlQShhp2VpMKRhWa11quVJzlzofqG9Z0ADWp1ttawvayKLWbVG3++:RNj3aRlQShhp2VpMKRhWa11quVJX+
MD5:	159ACCAFBA209FBC642499809CE2B513
SHA1:	6D94F57B63CE3BE71EDFB081ECB848B7D06EB2BE
SHA-256:	ACE286E29DFDB19080E514F3447F46E0E4ED658263AC209A9B4BBCECC36139D3
SHA-512:	E02BD1B88C1188CBBD4D6C1F5B31A44A278B213D991C6E9B9B06C620D66B1290DFBDF6D7BF92082D51A146C8AF772DAA659F9C2DC0A416C6BA9BE14B89C6E8B8
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Marlett.FamilyName:Marlett.StyleName:Regular.MenuName:Marlett.StyleBits:0.WeightClass:500.WidthClass:5.AngleClass:0.FullName:Marlett.WritingScript:Roman.WinName:Marlett.FileLength:27724.NameArray:0,Win,1,Marlett.NameArray:0,Mac,4,Marlett.NameArray:0,Win,1,Marlett.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:ArialMT.FamilyName:Arial.StyleName:Regular.MenuName:Arial.StyleBits:0.WeightClass:400.WidthClass:5.AngleClass:0.FullName:Arial.WritingScript:Roman.WinName:Arial.FileLength:1036584.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial.NameArray:0,Win,1,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-BoldMT.FamilyName:Arial.StyleName:Bold.MenuName:Arial.StyleBits:2.WeightClass:700.WidthClass:5.AngleClass:0.FullName:Arial Bold.WritingScript:Roman.WinName:Arial Bold.FileLength:980756.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial Bold.NameAr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.7164 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	9566
Entropy (8bit):	5.226610011802065
Encrypted:	false
SSDEEP:	192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV
MD5:	63B24EA3A13EAC476D6309BB202EF459
SHA1:	89502C393549C20C933E4553F51F74F3DBE085EF
SHA-256:	2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
SHA-512:	2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:92588.FileModTime:1426577650.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	63598
Entropy (8bit):	5.4331110334817385
Encrypted:	false
SSDEEP:	768:PCbGNFYGpiyVFiC0ZdYm+AQEUapmPE5kO/tH6ff/oYyu:J0GpiyVFihum+AQEUawsH63AK
MD5:	9BFE2B6273A5BA0034C2AAB75B6C748D
SHA1:	CF23E4DABC2083CB124E4EF8DE7FF56C5C617676
SHA-256:	1D34BA8ECB56950C34BC6BB77BBE357758C53B9B2ED00F789872623150B50A42
SHA-512:	55BF8B04161374B99F5F8C2765103440F6D5FFB29CFD6A55EAD94A2814E4045905AE1F70F3F47D7B232292C07B9B94C7E78E1BD0CCA463924CF4C0E93CCA11AE
Malicious:	false
Preview:	4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

Static File Info

General
File type:	PDF document, version 1.4
Entropy (8bit):	7.830223003721894
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Janette De La Caridad Guillen ASJ2 Records (2).pdf
File size:	7249601
MD5:	097e5a2956e5c698f987b27e33f2df50
SHA1:	a58eccbca7aa1b9105b336b960a7cdd1c823f259
SHA256:	e9bef2b78bcfd6ac88b7f44f38db5c5bd94dc9261327d48c91ac3913a3ff3cf9
SHA512:	3404ecb4d634367c746213efca7085abccadad86d71eed8db28ceed9646e6d3674ccfe94ecfaf34b98630ef8829aec2bfe74b2f4be23f63bb2c7d8535fe1f24d
SSDEEP:	98304:TXQTNAaKexMMB+0uqyRkC/QolxNaAniwInSLnlagfaUOFZcOrLu7QLLm:ltMB+0uqpMxNvitInlTft+ZcOrC8LLm
File Content Preview:	%PDF-1.4.%.....2 0 obj.<</Length 49/Filter/FlateDecode>>stream.x.+.r..26S075S.I.r....*T0T0.B.......f.........9...endstream.endobj.4 0 obj.<</Type/Page/MediaBox[0 0 612 792]/Resources<</ProcSet [/PDF /Text /ImageB /ImageC /ImageI]/XObject<</Xf1 1 0 R>>>>/C

File Icon


Icon Hash:	74ecccdcd4ccccf0

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
01/06/21-19:41:11.510299	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.2.4	8.8.8.8

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 6, 2021 19:40:46.172040939 CET	62389	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:46.238075018 CET	53	62389	8.8.8.8	192.168.2.4
Jan 6, 2021 19:40:46.506365061 CET	49910	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:46.564162970 CET	53	49910	8.8.8.8	192.168.2.4
Jan 6, 2021 19:40:47.691127062 CET	62389	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:47.691181898 CET	49910	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:47.747512102 CET	53	49910	8.8.8.8	192.168.2.4
Jan 6, 2021 19:40:47.751626968 CET	53	62389	8.8.8.8	192.168.2.4
Jan 6, 2021 19:40:48.704163074 CET	49910	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:48.704214096 CET	62389	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:48.762940884 CET	53	49910	8.8.8.8	192.168.2.4
Jan 6, 2021 19:40:48.765067101 CET	53	62389	8.8.8.8	192.168.2.4
Jan 6, 2021 19:40:50.704647064 CET	62389	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:50.704951048 CET	49910	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:50.763504028 CET	53	49910	8.8.8.8	192.168.2.4
Jan 6, 2021 19:40:50.763645887 CET	53	62389	8.8.8.8	192.168.2.4
Jan 6, 2021 19:40:53.183142900 CET	55854	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:53.231106043 CET	53	55854	8.8.8.8	192.168.2.4
Jan 6, 2021 19:40:54.712680101 CET	62389	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:54.712757111 CET	49910	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:54.763753891 CET	53	62389	8.8.8.8	192.168.2.4
Jan 6, 2021 19:40:54.769020081 CET	53	49910	8.8.8.8	192.168.2.4
Jan 6, 2021 19:40:57.549411058 CET	64549	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:40:57.607017994 CET	53	64549	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:07.240658998 CET	63153	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:07.296884060 CET	53	63153	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:10.399714947 CET	52991	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:10.447628021 CET	53	52991	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:11.462332964 CET	52991	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:11.510178089 CET	53	52991	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:12.249811888 CET	53700	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:12.306735039 CET	53	53700	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:13.986099958 CET	51726	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:14.034393072 CET	53	51726	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:15.377039909 CET	56794	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:15.425427914 CET	53	56794	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:15.511765003 CET	56534	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:15.559809923 CET	53	56534	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:16.255080938 CET	56627	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:16.314322948 CET	53	56627	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:16.648036003 CET	56621	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:16.707479000 CET	53	56621	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:16.888561010 CET	63116	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:16.944855928 CET	53	63116	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:17.452827930 CET	64078	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:17.513046026 CET	64801	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:17.527256012 CET	53	64078	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:17.561032057 CET	53	64801	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:18.037728071 CET	61721	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:18.105757952 CET	53	61721	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:18.621613026 CET	51255	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:18.683682919 CET	53	51255	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:19.242006063 CET	61522	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:19.301213980 CET	53	61522	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:19.383714914 CET	52337	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:19.431706905 CET	53	52337	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:19.960886955 CET	55046	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:20.017901897 CET	53	55046	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:20.330508947 CET	49612	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:20.378616095 CET	53	49612	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:20.726655960 CET	49285	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:20.783520937 CET	53	49285	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:21.324168921 CET	50601	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:21.374934912 CET	53	50601	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:21.612437963 CET	60875	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:21.672024012 CET	53	60875	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:22.295068979 CET	56448	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:22.309864998 CET	59172	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:22.351502895 CET	53	56448	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:22.360703945 CET	53	59172	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:23.241532087 CET	62420	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:23.289668083 CET	53	62420	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:24.206784964 CET	60579	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:24.254822969 CET	53	60579	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:25.129127026 CET	50183	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:25.177232027 CET	53	50183	8.8.8.8	192.168.2.4
Jan 6, 2021 19:41:30.100172043 CET	61531	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:41:30.161057949 CET	53	61531	8.8.8.8	192.168.2.4
Jan 6, 2021 19:42:01.763622999 CET	49228	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:42:01.814335108 CET	53	49228	8.8.8.8	192.168.2.4
Jan 6, 2021 19:42:04.072012901 CET	59794	53	192.168.2.4	8.8.8.8
Jan 6, 2021 19:42:04.129332066 CET	53	59794	8.8.8.8	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 6, 2021 19:41:11.510298967 CET	192.168.2.4	8.8.8.8	d078	(Port unreachable)	Destination Unreachable

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: AcroRd32.exe PID: 7104 Parent PID: 6020

General

Start time:	19:40:30
Start date:	06/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Janette De La Caridad Guillen ASJ2 Records (2).pdf'
Imagebase:	0xff0000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: AcroRd32.exe PID: 7164 Parent PID: 7104

General

Start time:	19:40:31
Start date:	06/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Janette De La Caridad Guillen ASJ2 Records (2).pdf'
Imagebase:	0xff0000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 1668 Parent PID: 7104

General

Start time:	19:40:37
Start date:	06/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Imagebase:	0xb0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6648 Parent PID: 1668

General

Start time:	19:40:39
Start date:	06/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7285576016619014750 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7285576016619014750 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xb0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 4244 Parent PID: 1668

General

Start time:	19:40:41
Start date:	06/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=13665176154593383583 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Imagebase:	0xb0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 4112 Parent PID: 1668

General

Start time:	19:40:43
Start date:	06/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5049533098483960058 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5049533098483960058 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xb0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6776 Parent PID: 1668

General

Start time:	19:40:48
Start date:	06/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11888547961166346982,3110281861747858717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14602781306462947134 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14602781306462947134 --renderer-client-id=5 --mojo-platform-channel-handle=2068 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xb0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: AcroRd32.exe PID: 7164 Parent PID: 7104 AcroRd32.exeCOMMON

Execution Graph

Execution Coverage:	13.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00BCF490, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00BCF49A

Memory Dump Source

Source File: 00000001.00000002.874890235.0000000000BCF000.00000020.00000001.sdmp, Offset: 00BCF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_bcf000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7830058f739be9e807bb2883cc68450b3d0ad54f260b5cc72515f8eef6f4d6c7
Instruction ID: dc75ffabba8814b48a17d033f0984fb2a9035d733e297edd9a57b3a039a1f517
Opcode Fuzzy Hash: 7830058f739be9e807bb2883cc68450b3d0ad54f260b5cc72515f8eef6f4d6c7
Instruction Fuzzy Hash: 219002B235100412D10061998404706010557D0252F75C416E4915A59DCA95887176B1

Uniqueness

Uniqueness Score: -1.00%

Function 00BCF003, Relevance: 1.5, APIs: 1, Instructions: 11
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00BCF01A

Memory Dump Source

Source File: 00000001.00000002.874890235.0000000000BCF000.00000020.00000001.sdmp, Offset: 00BCF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_bcf000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ce89d5d638c499cf89f15ba4a9353a4f41a230c5012298037db8a4295a3c1566
Instruction ID: c581eb7e6567a2426aa1a94063c9e554690d0d28308266a161bb7c2a5cba608b
Opcode Fuzzy Hash: ce89d5d638c499cf89f15ba4a9353a4f41a230c5012298037db8a4295a3c1566
Instruction Fuzzy Hash: 03C04C9619EBD14FD30353701C759D22F605A9325276E81DBD4808F0A7C54806ABA373

Uniqueness

Uniqueness Score: -1.00%

Function 00BCF310, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00BCF31A

Memory Dump Source

Source File: 00000001.00000002.874890235.0000000000BCF000.00000020.00000001.sdmp, Offset: 00BCF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_bcf000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6b0e49e62aaf32367c18b4e18acef3a91b20ead87f034af1d8f4553fc4695e7e
Instruction ID: 1f14c0301f252ee66b21e6df110de22638a0819805648e23fc3ebb19975f718c
Opcode Fuzzy Hash: 6b0e49e62aaf32367c18b4e18acef3a91b20ead87f034af1d8f4553fc4695e7e
Instruction Fuzzy Hash: E69002F239100452D10061598414B06010597E1352F75C019E5455A55D8A59CC7272A6

Uniqueness

Uniqueness Score: -1.00%

Function 00BCF110, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00BCF11A

Memory Dump Source

Source File: 00000001.00000002.874890235.0000000000BCF000.00000020.00000001.sdmp, Offset: 00BCF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_bcf000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6cef22ba8517f1445852656ce91cddb37d02ff9edd3d0212ab3176af27751966
Instruction ID: 3ed44c08c7666d614783edf70731b5aa79830fd7454534b98d3d50788e5b021e
Opcode Fuzzy Hash: 6cef22ba8517f1445852656ce91cddb37d02ff9edd3d0212ab3176af27751966
Instruction Fuzzy Hash: 4F9002B235504452D10065599408A06010557D0256F75D015A5455A96DCA758871B2B1

Uniqueness

Uniqueness Score: -1.00%

Function 00BCF790, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00BCF79A

Memory Dump Source

Source File: 00000001.00000002.874890235.0000000000BCF000.00000020.00000001.sdmp, Offset: 00BCF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_bcf000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2d3a4181f50a67ea5cbb07d62e5bf5e7c573b085f94f822ecb3ee7b96b0b511f
Instruction ID: 26e3dea896c42bfeab0cdb761e74b6aa3cf7b4b4d0381474557ec5c156c2cf89
Opcode Fuzzy Hash: 2d3a4181f50a67ea5cbb07d62e5bf5e7c573b085f94f822ecb3ee7b96b0b511f
Instruction Fuzzy Hash: 229002B235100013D140715994186064105A7E1352F75D015E4805A55CDD55887673A2

Uniqueness

Uniqueness Score: -1.00%

Function 00BCF6D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00BCF6DA

Memory Dump Source

Source File: 00000001.00000002.874890235.0000000000BCF000.00000020.00000001.sdmp, Offset: 00BCF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_bcf000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 453c836ac7315fdc7ddca8c049f84ca66f2b46638ecaa7f34f4eb2f5d5457aa9
Instruction ID: 465a09edf5ea60179b39aad8b90334e8123a842b8562880c9d388c0f1d36c1dc
Opcode Fuzzy Hash: 453c836ac7315fdc7ddca8c049f84ca66f2b46638ecaa7f34f4eb2f5d5457aa9
Instruction Fuzzy Hash: 169002B235100412D10065999408646010557E0352F75D015A9415A56ECAA588B172B1

Uniqueness

Uniqueness Score: -1.00%

Function 00BCF2D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00BCF2DA

Memory Dump Source

Source File: 00000001.00000002.874890235.0000000000BCF000.00000020.00000001.sdmp, Offset: 00BCF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_bcf000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 609d4ec934d80820c17be95c5a1f34e2b9cceb86d86d921df8e00783b05bcfd2
Instruction ID: 30cb670778274678d56fcf8907a14621337dca94910be3f64a19c8659533bc21
Opcode Fuzzy Hash: 609d4ec934d80820c17be95c5a1f34e2b9cceb86d86d921df8e00783b05bcfd2
Instruction Fuzzy Hash: 289002B236114412D1106159C404706010557D1252F75C415A4C15A59D8AD588B172A2

Uniqueness

Uniqueness Score: -1.00%

Function 00BCF1D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00BCF1DA

Memory Dump Source

Source File: 00000001.00000002.874890235.0000000000BCF000.00000020.00000001.sdmp, Offset: 00BCF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_bcf000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7ad0004db5e6ea1a72979f14435f062ba1d59ce6376b1a9cd5b730a42e7990b0
Instruction ID: 9918b74e632fcd3d1b31f7d3a03c2f1573884ea35a078b67e3b3a8884a0b532e
Opcode Fuzzy Hash: 7ad0004db5e6ea1a72979f14435f062ba1d59ce6376b1a9cd5b730a42e7990b0
Instruction Fuzzy Hash: 069002B235100852D10061598404B46010557E0352F75C01AA4515B55D8A55C87176A1

Uniqueness

Uniqueness Score: -1.00%

Function 00BCF050, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00BCF05A

Memory Dump Source

Source File: 00000001.00000002.874890235.0000000000BCF000.00000020.00000001.sdmp, Offset: 00BCF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_bcf000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: da6a0286f3ec37af36a24133cbb002be7764f9b8ca21499af6c6f0d1f9c08588
Instruction ID: 6c55b338d32cd10ece8d0e6d1269f09b0cb56311f4a20d98312035b5480b70a4
Opcode Fuzzy Hash: da6a0286f3ec37af36a24133cbb002be7764f9b8ca21499af6c6f0d1f9c08588
Instruction Fuzzy Hash: B49002B275500412D14171598454706011957D0292FB5C016A4415A55D8A958B76B7E1

Uniqueness

Uniqueness Score: -1.00%

Function 00BCF350, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00BCF35A

Memory Dump Source

Source File: 00000001.00000002.874890235.0000000000BCF000.00000020.00000001.sdmp, Offset: 00BCF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_bcf000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0a982526819cb8d6284cbb06124953424569db33ba066e32f1fdfe41716d9d1a
Instruction ID: 1d28f8cc84da3763fe6bb75591b49d450728c1d969056bb61d4c38dfde1b1205
Opcode Fuzzy Hash: 0a982526819cb8d6284cbb06124953424569db33ba066e32f1fdfe41716d9d1a
Instruction Fuzzy Hash: 279002F235504092D11162598404F0A420957E0296FB5C01AA4445A95C89658972F2A1

Uniqueness

Uniqueness Score: -1.00%

Function 00BCF750, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00BCF75A

Memory Dump Source

Source File: 00000001.00000002.874890235.0000000000BCF000.00000020.00000001.sdmp, Offset: 00BCF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_bcf000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9d9adaa82d18c7334ffd2c0d2a3b804777be0b53c66a7559b373ee51635b09a0
Instruction ID: 7258feafc68531a7033f7131bf19b585ad54808ba7a20bc2043926cd6484e6ef
Opcode Fuzzy Hash: 9d9adaa82d18c7334ffd2c0d2a3b804777be0b53c66a7559b373ee51635b09a0
Instruction Fuzzy Hash: F89002BA36300012D1807159940860A010557D1253FB5D419A4406A59CCD55887973A1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Network device logs, Network intrusion detection system, Packet capture, Process use of network, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Janette De La Caridad Guillen ASJ2 Records (2).pdf

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Exploits:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

UDP Packets

ICMP Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: AcroRd32.exe PID: 7104 Parent PID: 6020

General

Chronological Activities

Analysis Process: AcroRd32.exe PID: 7164 Parent PID: 7104

General

Chronological Activities

Analysis Process: RdrCEF.exe PID: 1668 Parent PID: 7104

General

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6648 Parent PID: 1668

General

Chronological Activities

Analysis Process: RdrCEF.exe PID: 4244 Parent PID: 1668

Function 00BCF490, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00BCF003, Relevance: 1.5, APIs: 1, Instructions: 11
libraryCOMMON

Function 00BCF310, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00BCF110, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00BCF790, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00BCF6D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00BCF2D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00BCF1D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00BCF050, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00BCF350, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00BCF750, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON