Play interactive tour

Edit tour

Analysis Report KDeochand_02172021092904.pdf

Overview

General Information

Sample Name:	KDeochand_02172021092904.pdf
Analysis ID:	358581
MD5:	307203412f8eda57aa6a75f97adf0671
SHA1:	3127318e1daed695570f1411f836676ee1c5b399
SHA256:	ef50f6e4fa9092e19c38b72da3729cb9a4bd4f03b8da8643422641ba445b0c84
Infos:
Most interesting Screenshot:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

IP address seen in connection with other malware

Classification

Startup

System is w10x64

AcroRd32.exe (PID: 7072 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\KDeochand_02172021092904.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)

AcroRd32.exe (PID: 6344 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\KDeochand_02172021092904.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)

RdrCEF.exe (PID: 3920 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6608 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1494442768575948879 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1494442768575948879 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6688 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2751167411369981556 --mojo-platform-channel-handle=1688 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 4688 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12651656954935480189 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12651656954935480189 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 2796 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6466747421876913757 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6466747421876913757 --renderer-client-id=5 --mojo-platform-channel-handle=2136 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Joe Sandbox View

IP Address: 80.0.0.0 80.0.0.0

Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/)
Source: AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/_1
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/.
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/v
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/s
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#B
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#2
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#P
Source: AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/f
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: AcroRd32.exe, 00000003.00000003.338927381.000000000BBA6000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000003.00000003.338927381.000000000BBA6000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/-yZ
Source: AcroRd32.exe, 00000003.00000003.338927381.000000000BBA6000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Jy
Source: AcroRd32.exe, 00000003.00000002.504255432.000000000B58C000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000003.00000002.504255432.000000000B58C000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/)y
Source: AcroRd32.exe, 00000003.00000002.504255432.000000000B58C000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/3y
Source: AcroRd32.exe, 00000003.00000002.504255432.000000000B58C000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/Oyr
Source: AcroRd32.exe, 00000003.00000002.504255432.000000000B58C000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/myP
Source: AcroRd32.exe, 00000003.00000003.338927381.000000000BBA6000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/yu
Source: AcroRd32.exe, 00000003.00000002.505363727.000000000BA87000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comRLZ
Source: AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comgs
Source: AcroRd32.exe, 00000003.00000002.495988539.00000000097D0000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: AcroRd32.exe, 00000003.00000002.495774152.0000000008E7D000.00000002.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0

Source: classification engine

Classification label: clean1.winPDF@13/47@0/2

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6344

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\KDeochand_02172021092904.pdf'
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\KDeochand_02172021092904.pdf'
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1494442768575948879 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1494442768575948879 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2751167411369981556 --mojo-platform-channel-handle=1688 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12651656954935480189 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12651656954935480189 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6466747421876913757 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6466747421876913757 --renderer-client-id=5 --mojo-platform-channel-handle=2136 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\KDeochand_02172021092904.pdf'	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1494442768575948879 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1494442768575948879 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2751167411369981556 --mojo-platform-channel-handle=1688 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12651656954935480189 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12651656954935480189 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6466747421876913757 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6466747421876913757 --renderer-client-id=5 --mojo-platform-channel-handle=2136 --allow-no-sandbox-job /prefetch:1	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: KDeochand_02172021092904.pdf	Initial sample: PDF keyword /JS count = 0
Source: KDeochand_02172021092904.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: KDeochand_02172021092904.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: AcroRd32.exe, 00000003.00000003.338927381.000000000BBA6000.00000004.00000001.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Code function: 3_2_0122C003 LdrInitializeThunk,

3_2_0122C003

Source: AcroRd32.exe, 00000003.00000002.491172515.0000000005DB0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000003.00000002.491172515.0000000005DB0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000003.00000002.491172515.0000000005DB0000.00000002.00000001.sdmp	Binary or memory string: &Program Manager
Source: AcroRd32.exe, 00000003.00000002.491172515.0000000005DB0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection2	Masquerading1	OS Credential Dumping	Security Software Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection2	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	File and Directory Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://cipa.jp/exif/1.0/)	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/)	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/)	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/)	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/myP	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/Oyr	0%	Avira URL Cloud	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/.	0%	Virustotal		Browse
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/.	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/-yZ	0%	Avira URL Cloud	safe
https://api.echosign.comgs	0%	URL Reputation	safe
https://api.echosign.comgs	0%	URL Reputation	safe
https://api.echosign.comgs	0%	URL Reputation	safe
https://api.echosign.comgs	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/v	0%	Avira URL Cloud	safe
http://cipa.jp/exif/1.0/_1	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/_1	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/_1	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Jy	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/	0%	Avira URL Cloud	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/3y	0%	Avira URL Cloud	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/	0%	Avira URL Cloud	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/)y	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/yu	0%	Avira URL Cloud	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
https://api.echosign.comRLZ	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.aiim.org/pdfa/ns/schema#P	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false		high
http://www.aiim.org/pdfa/ns/property#	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false		high
http://cipa.jp/exif/1.0/)	AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ns.useplus.org/ldf/xmp/1.0/	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfe/ns/id/f	AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	false		high
http://www.aiim.org/pdfa/ns/id/	AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	false		high
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/layout/anchor	AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/schema#	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false		high
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfe/ns/id/	AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	false		high
http://cipa.jp/exif/1.0/	AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/myP	AcroRd32.exe, 00000003.00000002.504255432.000000000B58C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/Oyr	AcroRd32.exe, 00000003.00000002.504255432.000000000B58C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/.	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.aiim.org/pdfa/ns/schema#2	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false		high
http://www.aiim.org/pdfa/ns/type#	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/-yZ	AcroRd32.exe, 00000003.00000003.338927381.000000000BBA6000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://api.echosign.comgs	AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://iptc.org/std/Iptc4xmpExt/2008-02-29/v	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://cipa.jp/exif/1.0/_1	AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Jy	AcroRd32.exe, 00000003.00000003.338927381.000000000BBA6000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://api.echosign.com	AcroRd32.exe, 00000003.00000002.505363727.000000000BA87000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/	AcroRd32.exe, 00000003.00000002.504255432.000000000B58C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.npes.org/pdfx/ns/id/	AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/3y	AcroRd32.exe, 00000003.00000002.504255432.000000000B58C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.aiim.org/pdfa/ns/field#	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false		high
http://www.osmf.org/drm/default	AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/extension/s	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false		high
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/property#B	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false		high
http://www.aiim.org/pdfa/ns/extension/	AcroRd32.exe, 00000003.00000002.504830624.000000000B8AD000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/	AcroRd32.exe, 00000003.00000003.338927381.000000000BBA6000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.quicktime.com.Acrobat	AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ims-na1.adobelogin.com	AcroRd32.exe, 00000003.00000002.495988539.00000000097D0000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/)y	AcroRd32.exe, 00000003.00000002.504255432.000000000B58C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/yu	AcroRd32.exe, 00000003.00000003.338927381.000000000BBA6000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.osmf.org/subclip/1.0	AcroRd32.exe, 00000003.00000002.491776832.0000000007FC0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://api.echosign.comRLZ	AcroRd32.exe, 00000003.00000002.504775009.000000000B84D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
80.0.0.0	unknown	United Kingdom		5089	NTLGB	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	358581
Start date:	25.02.2021
Start time:	21:42:07
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	KDeochand_02172021092904.pdf
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.winPDF@13/47@0/2
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 11 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .pdf Found PDF document Find and activate links Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, HxTsr.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 13.64.90.137, 52.147.198.201, 52.255.188.83, 23.54.113.53, 104.43.193.48, 104.43.139.144, 23.32.238.123, 23.32.238.129, 23.54.113.182, 51.104.144.132, 51.103.5.159, 92.122.213.247, 92.122.213.194, 52.155.217.156, 20.54.26.129, 184.30.20.56 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, e4578.dscb.akamaiedge.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, acroipm2.adobe.com, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, a122.dscd.akamai.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, acroipm2.adobe.com.edgesuite.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, skypedataprdcoleus17.cloudapp.net, armmf.adobe.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
21:43:02	API Interceptor	10x Sleep call for process: RdrCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
80.0.0.0	vUp5vjYOoL.exe	Get hash	malicious	Browse
	2021-02-15__Mail-Degroof-Petercam_ENC.docx	Get hash	malicious	Browse
	InformaAllSecure_Enhanced_Health_Safety_Standards_2021.docm	Get hash	malicious	Browse
	Swift.pdf.jar	Get hash	malicious	Browse
	0001.jar	Get hash	malicious	Browse
	FedEx-Shipment-90161131174.jar	Get hash	malicious	Browse
	FedEx-Shipment-61821461149.jar	Get hash	malicious	Browse
	FedEx-Shipment-8161131174.jar	Get hash	malicious	Browse
	agenciatributaria5668.vbs	Get hash	malicious	Browse
	Statement for T10495.jar	Get hash	malicious	Browse
	Statement for T10495 - 18-01-21 15-23.jar	Get hash	malicious	Browse
	TREKSTA 2021 Business Plan..exe	Get hash	malicious	Browse
	SPEPAY13012021-20-00000009.pdf.exe	Get hash	malicious	Browse
	SPEPAY13012021-20-00000009.pdf.exe	Get hash	malicious	Browse
	2EB0.tmp.exe	Get hash	malicious	Browse
	muddydoc.exe	Get hash	malicious	Browse
	RQMofd68Ad.exe	Get hash	malicious	Browse
	https://awattorneys-my.sharepoint.com/:b:/p/fgalante/EcRfEpzLM_tOh_Roewbwm9oB4JarWh_30QaPZLGUdNbnuw?e=4%3aqmwocp&at=9	Get hash	malicious	Browse
	http://quickneasyrecipes.co	Get hash	malicious	Browse
	https://dck12-my.sharepoint.com:443/:b:/g/personal/tanya_mckelvin_k12_dc_gov/EbGhLtD47K1Cl18cC--Ad0sBxiRFwsui9s7PYb2eA-FMZg?e=4%3arCBWhd&at=9__;JQ!!P4oOa0cl!xjyiOci-WnHuSIjf0v9YP9XHTo1mHg1DdlnrlGItn8ysOUKeJHjzL7gjiYG6nZ8pLQ$	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
NTLGB	vUp5vjYOoL.exe	Get hash	malicious	Browse	80.0.0.0
	2021-02-15__Mail-Degroof-Petercam_ENC.docx	Get hash	malicious	Browse	80.0.0.0
	InformaAllSecure_Enhanced_Health_Safety_Standards_2021.docm	Get hash	malicious	Browse	80.0.0.0
	kF1JPCXvSq.dll	Get hash	malicious	Browse	82.12.157.95
	wEcncyxrEe	Get hash	malicious	Browse	213.48.143.199
	Swift.pdf.jar	Get hash	malicious	Browse	80.0.0.0
	0001.jar	Get hash	malicious	Browse	80.0.0.0
	FedEx-Shipment-90161131174.jar	Get hash	malicious	Browse	80.0.0.0
	FedEx-Shipment-61821461149.jar	Get hash	malicious	Browse	80.0.0.0
	FedEx-Shipment-8161131174.jar	Get hash	malicious	Browse	80.0.0.0
	agenciatributaria5668.vbs	Get hash	malicious	Browse	80.0.0.0
	Statement for T10495.jar	Get hash	malicious	Browse	80.0.0.0
	Statement for T10495 - 18-01-21 15-23.jar	Get hash	malicious	Browse	80.0.0.0
	TREKSTA 2021 Business Plan..exe	Get hash	malicious	Browse	80.0.0.0
	SPEPAY13012021-20-00000009.pdf.exe	Get hash	malicious	Browse	80.0.0.0
	SPEPAY13012021-20-00000009.pdf.exe	Get hash	malicious	Browse	80.0.0.0
	2EB0.tmp.exe	Get hash	malicious	Browse	80.0.0.0
	muddydoc.exe	Get hash	malicious	Browse	80.0.0.0
	RQMofd68Ad.exe	Get hash	malicious	Browse	80.0.0.0
	https://awattorneys-my.sharepoint.com/:b:/p/fgalante/EcRfEpzLM_tOh_Roewbwm9oB4JarWh_30QaPZLGUdNbnuw?e=4%3aqmwocp&at=9	Get hash	malicious	Browse	80.0.0.0

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	410
Entropy (8bit):	5.680193621470668
Encrypted:	false
SSDEEP:	6:men9YOFLvEWdM9Q6ki7Z+P41TK6trMen9YOFLvEWdM9QoZei7Z+P41TK6tDl:vDRM93nZiEphDRM9tZ9ZiEX
MD5:	EE95C952615604D872E14B2CC8142EC5
SHA1:	CE086A8F66747316D5EBC145D47EDC5EAAFA2830
SHA-256:	5CBE4CB8D5622081ADBAD21A1CCBC65128247B881FCF70A6D1A5ABB33B8F067C
SHA-512:	C3A8593B1A831CA712C49C90A6080AC668895FDC9BAC6800F238DC82ECB4E065B2CAA2E54ED1E03BFAAB1B7B5855715868EECC2CC451863A209E09A2DC0F82E4
Malicious:	false
Reputation:	low
Preview:	0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ......./....."#.D...."..A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo......zS6.........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ...=.../....."#.Dalq."..A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo........8.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.648654591048212
Encrypted:	false
SSDEEP:	6:mi9NqEYOFLvEkJ8Be7Ywcr1TK6t+/2i9NqEYOFLvEk0/+yR8Be7Ywcr1TK6tdi9r:V9zp9PQgl9zU1R9PQq9zA9PQF
MD5:	89134D889966D845DA845E952E87823E
SHA1:	729EE0CC13ED532902E808172F86CF5CF35DF89C
SHA-256:	64055EBEEF7DEBBAC846E5FCFC3EB364766DC36956A6AAC0EB4D1DBF84B6741D
SHA-512:	F4822908A8212B00D4A80233C678EC51BE5540950B43335A11124D4683B2D304D5B61E7DA3CC1F5A123AA34CE88DDD71F1BA990948AC81E8AEE3F720BF0CE2C7
Malicious:	false
Reputation:	low
Preview:	0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .y..../....."#.D.X!."..A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo.......4y.........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ......./....."#.D..."..A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo.................0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ..=+.../....."#.D.).."..A.1.x.'.vI..*\|Z..o...+.4....0..A..Eo...................A..Eo......K.RG........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	492
Entropy (8bit):	5.565124130035554
Encrypted:	false
SSDEEP:	12:DyeRVFAFjVFAFLYlUo6ji5yeRVFAFjVFAFTLNL+lUo6jm:tB4v4MSBi3B4v4f9+SBm
MD5:	5B436F81D58534FE5019D0540DB3C24D
SHA1:	AD0D17F3BBDF0F2D48868FEF6712A41088E16673
SHA-256:	621558EFA238874F100770EF2C4DE32D0B2AF320A4C250D50BED42F335062886
SHA-512:	E1D0CD159593796456C0936F185C2BC068ADC0A33D2BD713F2C0180C86478E495771FBBEF09BD79F5F4D82F130FCB069A9B7FEC7DC53684C388B68FCF54BDDC1
Malicious:	false
Reputation:	low
Preview:	0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ......./....."#.D..."..A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo.........k........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..<<.../....."#.D..e."..A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo.......z..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.666119911144175
Encrypted:	false
SSDEEP:	6:mNtVYOFLvEWdFCi5RsqL8iiWulHyA1TK6tI:IbRkiD74nWuss
MD5:	335D1027AFDD290610509DEF84533C2E
SHA1:	F38E5597511C2B4118B0C91AA73BF1F5FDF474A2
SHA-256:	A95798837D0F69D2F2A9E592163100FDC7D81D4AEE0844DD7F98D25AFC0BB0A6
SHA-512:	F63787A938F4A73F3D2AC9005A71DB6DED14DC04DC26F0D1E071DF940BF7CEF919AEEFD8AE52FBDF48CD70583843DDCCFBE05191D5FA9F039ED40BF7630FCD84
Malicious:	false
Reputation:	low
Preview:	0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ...!.../....."#.D..."..A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo........{.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.54384513588399
Encrypted:	false
SSDEEP:	6:m+yiXYOFLvEWd7VIGXVuIS1tPVyh9PT41TK6tvl:pyixRut1tPV41TED
MD5:	3BC004EE0FC539D1DF80A1C3F5FF8CE6
SHA1:	A0F9393EFFC33E8A8B78C354A20FEFC21535CE44
SHA-256:	F399C05E72327FEC4840185DA1286F43E5B8A1342A5CB11CD9FAC33E0B366E03
SHA-512:	76EA7C3FA23A864C8008ADC4D43848FDF201B3E4B7EE3DEBD79E5EC0EDF39A380FD99A4924418080EFDDCD0F5B3F4828A932D0C938049EAF2AD5FBD36696FBDE
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js .;.<.../....."#.Dx.f."..Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo.........Q........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.593870126904982
Encrypted:	false
SSDEEP:	3:m+lifll08RzYOCGLvHkWBGKuKjXKoyNjXKLuVZtliP9kVNco2sZI8xeGvP5m1TKQ:mvYOFLvEWdhwjQQ+9CNLZIl6P41TK6t
MD5:	1BEEA73B44CC6628B1EE9F29C7376700
SHA1:	9C59177C249ED03CEBD1566D967C98DCDAA4FFB5
SHA-256:	14CCE4E9A821661F738CCDDB77CAA95A86B027AB7A39C812D523AC1479743CFD
SHA-512:	A6B7FAE515C48A9BE910D3D4FBB5F5DBDB6BA5E23B4B69E432940D9EA635CF000CD642B021C836C021231513ECA4EFC14148AC0547FEE96030D696A2151F8108
Malicious:	false
Reputation:	low
Preview:	0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ...9.../....."#.DZ.O."..A.].>....uUf..N...k......c..l.A..Eo...................A..Eo.......,".........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.552478452492033
Encrypted:	false
SSDEEP:	3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuVVQSll6WUQPcyxMtv9EWm1TKS:mJYOFLvEWdGQRQOdQ7SCW/6g1TK6t
MD5:	E18A68147D9F8093B5B0CD70FC9B01D1
SHA1:	22A580F551E882A5285B23FDA1084A620D12AFB1
SHA-256:	62794C128556AD05D64ACB69466AEC0166488CF0BDD23AFF65BC2E953522CB0A
SHA-512:	FADD2E34E05C8FB3A723F3E59FE17910A2850AF51637B5F27E9887032270E481A441301A26310E3FD5AB0A86F53DDCBFEAB993A03288AEA3B2859D0C4A3927AC
Malicious:	false
Reputation:	low
Preview:	0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js .%.=.../....."#.D..f."..A..c..y/L....\|y.n..C/I.....X7-ne.A..Eo...................A..Eo........d.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	537
Entropy (8bit):	5.640121826158255
Encrypted:	false
SSDEEP:	6:mOYOFLvECMLorkMuR/41TK6tSOYOFLvECMLpSfIMuR/41TK6t2HeOYOFLvECMLTm:Z5MMrkMuR/EH5MVMuR/EAB5MHBMuR/E
MD5:	A4034134AA3054680CC0337910224EA6
SHA1:	F1F560B727E300E5E374D323E0914C836843F5B6
SHA-256:	4BE0ADE91A4CAF8B8639480E22539D9DEE262C4D3ED8C1FED4A13873BC576629
SHA-512:	A631691ABC4ABD30149E428A99A885EB0EAD4872CC2F678B0F4E32C0900A8B758A9BCF35CA9493E330F6D6ECF97E9EDBB500883D45B104DA343BC61EA6B017DE
Malicious:	false
Reputation:	low
Preview:	0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ..B..../....."#.DW.!."..A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......V...........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ......./....."#.D.."..A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......pl..........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ..S+.../....."#.D.Z.."..A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......%...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.492767100049172
Encrypted:	false
SSDEEP:	6:m4fPYOFLvEWdtuHC/DMMby0zBUKSAA1TK6tl:pRKOrbeT
MD5:	C8F4785C80456308F1141FA7081A5A36
SHA1:	94FEED74A5342184214F52AD095E45CED546D6B5
SHA-256:	852C229ED6C8D6AAF95E051E22BFFA03BA4FA00B2CD3557327906134549A975A
SHA-512:	F2D8D850B979BDB100C06B110D85766E976BC7B35B5C17B3A3BFF305AB60BB2210C2C6A3D7A82854C1B3D30CEF2006E78D8C1004B535378C0B153DBB913A8317
Malicious:	false
Reputation:	low
Preview:	0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js .c.>.../....."#.D.;g."..AQ..E.=....=h`t..t..3%A.F$..w..A..Eo...................A..Eo......c(.y........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	531
Entropy (8bit):	5.583698129767417
Encrypted:	false
SSDEEP:	12:KkXxKMSCvKSEvtUl4wkXxKMSCv6p6vtUl7kXxKMSCvXWer9/vtUl:KkXxiCSSEvWrkXxiCCovW7kXxiCOelvW
MD5:	45633020B6FDE55C55C23DAED44F6FF9
SHA1:	A7D0D4871AEAEF5CE92552A0C31D6C4ADB68796C
SHA-256:	033D023C5935A7EC31BFB03256575E974D1D851FFA5E5DC691CC8C9BF68E1CC4
SHA-512:	7030057A3E76F511FF2ED7FD3E8D3B64931590D5F4271699063927DC41F156934BEC05141D0F695F6A9CBFD565494351C58BC5BFAEF1B9CE6D756775936DABBE
Malicious:	false
Reputation:	low
Preview:	0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ....../....."#.Dj.!."..A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo.......*zY........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ......./....."#.D.."..A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo......-.^.........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ..?+.../....."#.D.N.."..A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo......a...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	561
Entropy (8bit):	5.5862198920868895
Encrypted:	false
SSDEEP:	6:mkl9YOFLvEWsfOLyxwqyM+VY1TK6tOWkl9YOFLvEWsfOLF4ks7yM+VY1TK6t4kl0:5h6OLrkgph6OLFPrkJh6OLjkJ
MD5:	046AB2FB955039D1441EDAF64C2645A5
SHA1:	84B20C430B55B1FF5CF0441E1EA7F739B6482AFF
SHA-256:	03DE8EAB0F856F3B4045C5BDA5E71A9A114516C083E8458443A10CD808E3591F
SHA-512:	DCFCCB94E01FD9E2632A7E1D278020EF64AF7D8910D14AA137BFCF4ADE680284B13A753E915DEA2BFCD0748C831082CBC08936439A402DE4A10CCB166A4E96F3
Malicious:	false
Reputation:	low
Preview:	0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ..!..../....."#.DV.."..A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo......&..Z........0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ......./....."#.D..."..A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo..................0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .g.5.../....."#.Ds.@."..A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo.......1..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	488
Entropy (8bit):	5.6186214298931745
Encrypted:	false
SSDEEP:	12:URVFAFjVFAFqwSeKaTLn0RVFAFjVFAFj3wSeKaTLn:UB4v4qwzXLn0B4v4zwzXLn
MD5:	B1FBB8A61E26BA81088145244A72A111
SHA1:	9743DF4437F219B635EF959B2EAE534B6509A32D
SHA-256:	D68FA67E6C88C839994244329A55446E5FA5ABD740B1275EC78411D31BBA256A
SHA-512:	68DCB940B0D3052428FD595C4E703DEE3C2EB50C415A58511592E43BF51DBA3F8BD0DD1721D469E61C1D1D1821E7CF3D5F06FF966B4BC8A5780B54FF3BE67902
Malicious:	false
Preview:	0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .+...../....."#.DZH."..A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo......c..........0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ...<.../....."#.D.9o."..A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo......t.q.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.505367351419244
Encrypted:	false
SSDEEP:	6:ms2VYOFLvEWdvBIEGdeXu7HHf11TK6t9l:BsR2Ese2
MD5:	FBE978187F0F6718ED0741390940CB57
SHA1:	7DF8E83922A680F1806B057D16FD5FCC7FFBC560
SHA-256:	4E1C657AFA5CFFFDDAAA33771964A016779BF333AE99C94FFCE29165A2355F43
SHA-512:	35B01C7E07C338B323B1F7CC338D7B50352DE3DCAF9DFEE183D562B6F6C9CD29F17D149E2791B383C7688C0D51B6A119E02EF4AF5C10395D922B20C4F6C18615
Malicious:	false
Preview:	0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ..^<.../....."#.Dh f."..A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo......\.CM........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.626126773516933
Encrypted:	false
SSDEEP:	6:maVYOFLvEWdwAPCQgUwD64B7OhKlvA1TK6t:RbR16R64BJk
MD5:	8FA8C8DE48D8409CF75A280C65C47D42
SHA1:	0A4DC8513BE5160BDC509916F6021EAA0D24764D
SHA-256:	AE8BCD7959B834A89D2D0A8F349068A7BC7F4C0C5CADEEA7A310F7C3F0E40413
SHA-512:	95683FA7A9329D471E79B1E7C86FD38C7EC7B323BBBC7960DE80FBB2F90CEEE6B0AEB7B891DE1C2E875EDAE32BC424D73B0656AE9A24A2DD0320EEE5AE72B3B7
Malicious:	false
Preview:	0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js .r.9.../....."#.D.O."..A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo........q........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.559806628281912
Encrypted:	false
SSDEEP:	6:ms2gEYOFLvEWdGQRQVu9C/DDKPQdFt1TK6tY:B2geRHRQlQ0+
MD5:	C1D41225E1ADFEB00666BC4A23541E49
SHA1:	F39DA4DB054984DBABC5313DA59456745F3D7822
SHA-256:	C84F1D977447D54A454A0376887E55BD53BB66478BDE94B31875C2FEAD768174
SHA-512:	CFD914DFE08508F916E0D86F74CD518EA1B381FA1E0F8050A6DDB91412728F7F21D977A641950CD2810ADE61DE1DE6E944E742691B4DC8F79CD0F653CBC79DDA
Malicious:	false
Preview:	0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ..Q<.../....."#.D..f."..A@..{o]...9o\|..qY....T....{..u.b..A..Eo...................A..Eo......@k].........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	412
Entropy (8bit):	5.59977098645473
Encrypted:	false
SSDEEP:	6:mzyEYOFLvEWdrIOQ3WdEt1S/1TK6tIzyEYOFLvEWdrIOQ3mt1S/1TK6t:WyeRlVEt1wWyeRlImt1w
MD5:	71C3CA4F9EE3C9958EF53359CBD6F8D9
SHA1:	471ACE8682636DB03943C859BCE20524F7EB2D11
SHA-256:	1DDFB8472ADDA61AC464C62F1DB9258AF1741FF438D88684E8737A47E7ABDEB4
SHA-512:	CA3D14BB9A6AD6F983223E9A00E8C671F5C4DF92D9B4F71CF35D60BC688CFF05FF787288E8F30AD3AED3E3982C57E5BD745D6F52A40059AAC2982D7C972DC768
Malicious:	false
Preview:	0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .c...../....."#.D.y."..A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo........$........0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ..6.../....."#.D..F."..A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo......3,mB........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.553487582560652
Encrypted:	false
SSDEEP:	3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFvGHdLCl/lNqeiwJNqww6U+5m1TK5R:mnYOFLvEWdhwyumd8rqwK+41TK6tg
MD5:	7B36D39F0871EC589FB804A7F649B964
SHA1:	9A2E47B2D9A28BA9CB753BF32DDCDF3C70590608
SHA-256:	27702D422C829BB0CF22FEF43A2FE05770021F0D02B912D24AC8F744976A6D7F
SHA-512:	F367DB3C83FCB12C70EFC1B0E2F1CA8D9527DEE6D33E12828F2F28D4D786B0770C34DA84884FA4372782385B93CAD89A35D21CC1BC4CA97F72546E62C48C3F63
Malicious:	false
Preview:	0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ...8.../....."#.D.cO."..A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo.......C.$........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	460
Entropy (8bit):	5.6317740885238985
Encrypted:	false
SSDEEP:	6:mYXYOFLvEWdrROk/RJbumiaNGYfO441TK6tXw2YXYOFLvEWdrROk/RJbulQLnfOG:/RrROk/fdfLEdGRrROk/7nfLE4
MD5:	EDB97928D76E2C40A8E4BDB86D4517C6
SHA1:	4C7155960E8430D4C9389FFF610FB5D1CFA04D9F
SHA-256:	D9D1F006A21FE1D41B9AF506A7E6B129A61DD69E18B75FECE8E223B7843E6C2B
SHA-512:	D0A13A8EB8889F958CE7E41F3157985DDC07F17A8577088E095717EF6F78BCAC052ED4D691FA8084CE414541BD57859D03A8F5973A5FDDD883E9E65A452E5729
Malicious:	false
Preview:	0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ..B..../....."#.DM.."..A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo.......B.:........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .*.6.../....."#.Dz.F."..A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo.......>3N........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	558
Entropy (8bit):	5.645582919387388
Encrypted:	false
SSDEEP:	6:mmDEYOFLvEWXIT21QPLr1TK6tuLemDEYOFLvEWXIKNSarG51QPLr1TK6t6mDEYOD:xqT9CPLnS5qT9xG5CPLnHqT3JSCPLn
MD5:	0AD048FA4478DA1F5967F522514A96CF
SHA1:	2C945343F6B20F7E305DCD7E1A7DF57E270B0CDE
SHA-256:	C74AE9312AD182F57FDD53B8232E30970275FC10A45EA04E759400A618FF28B7
SHA-512:	BE045695248AAAA5609F5D63626847A96B304CD81924DC9D81DD608F41FE1B8A55B35AF25C7FF028186A94C793A58158E059996567B0E51FC56F11A8E984C1F2
Malicious:	false
Preview:	0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .Q...../....."#.D..."..A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo.......Pg.........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ......./....."#.D.O."..A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo..................0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..5.../....."#.D .@."..A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......n.9.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	414
Entropy (8bit):	5.645829437155807
Encrypted:	false
SSDEEP:	6:m52YOFLvEWdMAuO5OgZsEJ41TK6tz52YOFLvEWdMAulz9eIsEJ41TK6ty:zRMosDcRM1eIsD
MD5:	FD6B63014021B398425F8AABDAC2E014
SHA1:	5159B147388374FAE9ECF674376EC19A83DB8AE0
SHA-256:	625216B710BF7EB3A109E5F5F46D6D19C8F6F6F04195342F7A1DD562DBFF59B6
SHA-512:	B6D1AE926D2EF1E060F59F9E54B79AB8E7FFDB29CF07F98B03EE4C61FF2928FCEDC8F729735D83B229D58AC48713750614BEB76607CC64946B0742E7877B54D6
Malicious:	false
Preview:	0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ......./....."#.D.1."..A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo......\...........0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ...<.../....."#.D>Yf."..A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo......j...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.630119460950582
Encrypted:	false
SSDEEP:	6:mYilPYOFLvEWd8CAdAuoFong1TK6tFwMYilPYOFLvEWd8CAdAunS6KGTFong1TKK:6lJRfFoM7wMlJREZTFoM
MD5:	69F7A987070293DC5FFB142723D7796E
SHA1:	D48791913D3B6E467A29A92A506FC800379B52E4
SHA-256:	1055F0319DBD699E5954AC16C7AFA7424249CD5192C8F7764839F57F43C18E3A
SHA-512:	FAA9C49628A4CB3554D21B4794D57F917C50B76E93918075B38A0B856BCDB610827A43DDF4A58BC01EB97CD1CE362AB6FBE98BF1A2EA4A0E0A7EF84A83DFF0DE
Malicious:	false
Preview:	0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .!...../....."#.D..."..Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo.........]........0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .U.<.../....."#.D1xf."..Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo........}........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	5.6308564870717985
Encrypted:	false
SSDEEP:	6:mY8nYOFLvEWdrROk/Iun/NOe16wG1TK6tn9/EY8nYOFLvEWdrROk/IujvOe16wGJ:F8hRrROk/N/ce2BN8hRrROk/Me2
MD5:	F1D50B4724AB8E8B3C3B54CAC89FB247
SHA1:	172E2904520A973E699E89875F30D68574F03B8D
SHA-256:	6B15B7C05579DFF4734CEEDE1DC0608E24751F0A3392B9C597BFB2051D45207C
SHA-512:	0C1650A94D1752236648D2CF39095B5CE834D2A3591BFC52A695489A9183B1CA74DCBDB65EDEEDE4ACC266CFEE1FA3E5B686D15944BA8CD8FDE1CBC94A454527
Malicious:	false
Preview:	0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ......./....."#.D..."..A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.......]U.........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js .!X6.../....."#.D..F."..A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo......t.m.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	426
Entropy (8bit):	5.681050239157702
Encrypted:	false
SSDEEP:	6:mLrnYOFLvEWdrIoJUQgkQseqrNJIi1TK6taELrnYOFLvEWdrIoJUQzirNJIi1TK0:ehRcCQ/qrNJICEQhRcSirNJICT
MD5:	C6C67BA413A1834E1C1A3371B36F803E
SHA1:	9588FBB0FB2F85BEAAF9267329575123A02F4D1F
SHA-256:	DF45701FFC47D79E919E4B30B0E2E819D33499B3C287A901DC7BC819A94F6DF3
SHA-512:	3B54799BEF427761E221E0C75FA19DB6C9DCB92E921B17419731ACFFA5C0415AEA90277608039C30AC8FEC844F721F6451C87190A5CE8F0F52DC87F4D0ADF306
Malicious:	false
Preview:	0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ....../....."#.D.u."..A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo........T.........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ...6.../....."#.D.>G."..A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo......-...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	5.591261392981657
Encrypted:	false
SSDEEP:	6:mOEYOFLvEWdrIhuRXl2I/5/ZLzgm2d/1TK6tc4OEYOFLvEWdrIhuhVLj0HKh/ZLc:0RBz/5ZReeuRhoHyZRe
MD5:	70CF061188B561B4772237E8A8D161B9
SHA1:	B461C7BE9CDA27ED25C7A9D7F2212AB4C5B6BE3C
SHA-256:	707F3F83929DF52E1E6A98146C5A4692BA07B24CDF4156333A6923C6E5BC7919
SHA-512:	E3ED4A560D4D0D65AD40995DD5F42E057850D4ABAEC717E67EEA39CB8991BFF001C4A248FA1C5C2946A599BA8B12E967A8F3198457171D7693E7D244AEBCDD61
Malicious:	false
Preview:	0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ......./....."#.D.D."..AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo.......P.4........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ..T6.../....."#.D..F."..AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo......qNqP........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	564
Entropy (8bit):	5.636627700225641
Encrypted:	false
SSDEEP:	6:mAElVYOFLvEW1Kd9pdhkx56uvp1TK6trH/2AElVYOFLvEW1KsSK2kx56uvp1TK6M:6JJKd9zK1fKJJKstWJJKLO
MD5:	89BB81836FC428F7DABD59B6C490C3F2
SHA1:	232D43E85D6E00428313936D36A838D4BDF42F45
SHA-256:	AB50EED7B5B4B4063AF8961BC57549E69EB12DA42F6721FED89EBDBB0A92614D
SHA-512:	C3A8EACBEE4C471E9C688E2C873F192FA3435F68E91A747892D74BCE98794C025FB8435C15B84AA48EE71040266891E8D392588970B8F955D909F99CC41BAE63
Malicious:	false
Preview:	0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .T...../....."#.DVD^."..Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo..................0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .cC..../....."#.D.s.."..Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo......L.#.........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ...-.../....."#.D.'+."..Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo......n$J.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.63507043799817
Encrypted:	false
SSDEEP:	6:mWYOFLvEWdBJvvu6JIyhUDLYtmOZn1TK6t:xRBJsHDcFZL
MD5:	6A674DA9FB9510FD924715FDDC3F1D6F
SHA1:	BECBBB821A04FF43B3557ABBDBEB0886DD99C209
SHA-256:	CE474DE4EBD56B135CF1E5F2BE3AD0B7D15911AA356505ECE3D445F4E571AC07
SHA-512:	38305CC58CD120BFE04AE98C5333729A215F434D60E2FE536BC513FCFC1F91D378D82549518A840A1CCB8F535E79AE091C30011E6FC3B5DAE8A0B2B446FEDF73
Malicious:	false
Preview:	0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js ..<.../....."#.D;:f."..A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo......*:..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	633
Entropy (8bit):	5.6409170740455705
Encrypted:	false
SSDEEP:	6:msRPYOFLvEWIa7zp7A2I7VPu1TK6tt/2sRPYOFLvEWIa7zp7T/ZpRVPu1TK6tU+c:BPHm2I7cdPH3jcvPH/zIRcSl
MD5:	363CE4A15DC47086D9B6D1E9D5570ACA
SHA1:	A4DC6B6015815B95BF4652AA32F259F59B6E04ED
SHA-256:	6632D33FC38B90EB2838CAA44D110C8BFB069783649EF9CC4828D537863C1859
SHA-512:	3C7964A01E6758C83A83B8D4F5FFC041AE40315AAF8F4D439F39094199D6B5E3FAC0AC201D05C1B2133078D9DAF17ECCFB2EA7E4C1F96269AD099E4AF9EA32D8
Malicious:	false
Preview:	0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js .3%..../....."#.D..#."..A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo......\..........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ......./....."#.D...."..A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo..................0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ..U+.../....."#.D...."..A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo......+v!_........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.6000655393756
Encrypted:	false
SSDEEP:	6:mKPYOFLvEWdENU9QR94r9JwiM3Y1TK6t:bJRT96+r9er0
MD5:	74D1F6689A6733B560FFEF7D01C59FB9
SHA1:	AE94F4464ADA8A2C0E4E93DB290B456CDC5A6E9D
SHA-256:	4C6F668A35372E5BF11375795E4B673D8921E4966789A10DDDFB2D7ED749F1D9
SHA-512:	3E20EE13CD0A7F0400FD5B52336D618CA278080C7D03EB3495FA549CABC320FFB5F8571728D50BD08C1EB8A31EA89CB90ADB6CBCBA2FCDE878F7FE3979D7245C
Malicious:	false
Preview:	0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js .>.9.../....."#.D..T."..A...M....m+lS..e.....<7.U.P8*.0K.A..Eo...................A..Eo.......V.~........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	modified
Size (bytes):	208
Entropy (8bit):	5.598668933339767
Encrypted:	false
SSDEEP:	6:mQt6EYOFLvEWdccAHQL+lOaejBRCh/41TK6tx/:XRc9xl1eDi/EP/
MD5:	6BC03A72AA16086113FED46E3793D12E
SHA1:	CC606B89BCF19A6157E2DA0E0517CE7A5A5E03C9
SHA-256:	312509E29E8F83FE6012E24CF4F00A5019D73EAAB90AB6DCCF1CCEA20E2EA50A
SHA-512:	3A46B1A29A52E8080EE5FC91C4F39C97D23A74F56C84F68A6FECDF3BB753AEAFA38BFB47C0413F97B90843145A2C9F9BE75D3887DDF5585450DE36124EEAE405
Malicious:	false
Preview:	0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js .#.=.../....."#.D.?t."..APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo.................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.564877666861382
Encrypted:	false
SSDEEP:	6:mqs6XYOFLvEWdFCi5mhueW7wVULlF4r1TK6tY:bs6xRkirw2LlF4n
MD5:	9F2CC2A38515E59F7171B486CC011641
SHA1:	4F6682323613003D72FB985D00AAB0B25BC3539C
SHA-256:	EDE26B20E4E1E175876E3F669E300B857B6440A2FB74EA190FB3CA4EECB86795
SHA-512:	A9BBFD50C9491ECA14703AF28CA402410AE0061CA3BD6C8F0D62E7FA5505C1FE260CBC2929E62C07A16460B0A2C7264D7FF571861A73DBB7973FDA2C9D698DD5
Malicious:	false
Preview:	0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ......./....."#.D..."..A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo......."@.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.506561842364582
Encrypted:	false
SSDEEP:	3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFv6bbiRll845qECcu1isLK5m1TK59:mhYOFLvEWd/aFuObuU8/N941TK6t
MD5:	4DC7929EF464CF6E5933A777F387D9DB
SHA1:	F5D2EDE18FD73330A536FE74BB8F4879E58A4C16
SHA-256:	D64383C367282CBBC694FCFCB044449B172C4FC29D74F169E9C404902C00298E
SHA-512:	586D072C8E77D418680F37A8367E81F3D8BBA3634FA6F5DDC60AE0C4486AC97FCEE98F9CCF698E282A16F79EAA8653F1E0F8EBDB4138B4F9B0F5E68414CC283A
Malicious:	false
Preview:	0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js ..>>.../....."#.D4Mg."..A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo.......*..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.5521347730220425
Encrypted:	false
SSDEEP:	6:mR9YOFLvEWd7VIGXOdQl6/i3oBMqVd3G4K41TK6tP:2DRuR2AB9Vd2kR
MD5:	873E07F2C5B8B009C0AE83E26C720208
SHA1:	194D7D7BB530431A509B9C322F50F0BB6C9CB299
SHA-256:	10678E6EB6A275AE2615868C5DEEC46173182E5D1233EDB9BD7C4B4606016931
SHA-512:	40B301FBE1D8D56B48D254A96091EFDBB96EC14B501C804E8DB3544B6D45F2247BE108A1CFEA9AE00D6CDFC097D280C64C4786ECF1DDFF9B2F3523144BAC2DE7
Malicious:	false
Preview:	0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js .\|.>.../....."#.D..f."..A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo......<z.%........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	5.617698529589931
Encrypted:	false
SSDEEP:	6:mkqYOFLvEWd8CAd9QhwmKwuA424r1TK6ty2kqYOFLvEWd8CAd9Q8pllMtuA424r5:+RQSwmYrngORQVllBrn
MD5:	F724A7F7687A498DDE0C55B585F974DD
SHA1:	480A70BD43AE004450A58842F5A4AA00DB36568C
SHA-256:	850CDAB10A931257584D8E74B36E64E56E30C6BC9344C1DF3FAF927ACEDFB1C5
SHA-512:	33B84E62F41ED77939DCCD61DDBEAC27EAC6D27B98B93B2F4B635F39AB2AD684D0BDB07D4826FB39951B327D66627372EE9DF78A87165DC945F5726219F69AA8
Malicious:	false
Preview:	0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ......./....."#.Dt.."..A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo......V.1.........0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ...=.../....."#.D..t."..A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo......d...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.553697708132706
Encrypted:	false
SSDEEP:	3:m+lS5Etla8RzYOCGLvHkWBGKuKjXKVRNUp/KPWFvVN+/l7RmlAg2iHio/Mm1TK5M:moXXYOFLvEWdENUAuNacAyC8n1TK6t
MD5:	7D42C79EF59CDEC8D385DB63EF3EDAD9
SHA1:	B7423ABA0687D42802A901B28829A0756D57CAE5
SHA-256:	094C79EF721BC95CA5B899F9AD3517726DC242A70BF1B9CB43B31C9415233AE4
SHA-512:	B899C0E82696468ECCDAE15AAB09F2CBC89929797D0C0D613215D0D73A632D230338CE5F60A6DDC4A3B03B40DB655B899AD87AFB000A826D67520F72FF0A003A
Malicious:	false
Preview:	0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js .r.8.../....."#.D.LO."..A8.../...;.\\o....1..........+..A..Eo...................A..Eo........X&........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	442
Entropy (8bit):	5.630157902678952
Encrypted:	false
SSDEEP:	6:mQZYOFLvEWdrROk/VQfh5LDLmB41TK6trt2QZYOFLvEWdrROk/VQSHHLmB41TK6C:nRrROk/VscmHRrROk/VMmC
MD5:	A2966A699ACFD22BE927ACC0B37DF8C7
SHA1:	3E16C54BFDF86EA8ED61D38C7B2590C5F674DFC4
SHA-256:	07F626A0687345CB5257509E964F48D791C81533F06B11DF82994878FC05C4A4
SHA-512:	078823C5BB31E118ED46CB3C764F06E984DB63CD5D61C2D04ECA9A67A57830CFB90184B0BFCE46353D3E8385EF7246BC83B74F5E9E66D2D4067282B43A10090C
Malicious:	false
Preview:	0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ......./....."#.DM.."..A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo........]V........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ...6.../....."#.D.RG."..A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo......./.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.52267543563138
Encrypted:	false
SSDEEP:	3:m+lUV/la8RzYOCGLvHkWBGKuKjXKjcAW6KPWFvvlllSVkHobk9mZa6tokP5m1TK+:mZ/lXYOFLvEWdccAWuL4Adm9741TK6t
MD5:	250F88890C940EBB202F8ABDD3F89688
SHA1:	F617B3A9EC2CBFE6812B748C40BBD2B306CD63C4
SHA-256:	C6C6C4533AD717FB888E42DB6AAF2FC82FEB51A70F36A796BE38A776C930F8E0
SHA-512:	D4A7E86E1A516581DE95CA568641165792E24848C2A34FF8FAEEDEFCA5F78370AF3DA326D3077D7592E7EF217EB8DA68A2308E79BDE0869BAA61C1367401CE02
Malicious:	false
Preview:	0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js .g><.../....."#.D-Ae."..A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo......pE%'........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.556120323524061
Encrypted:	false
SSDEEP:	3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFvToWldKTu6shoq+Nem1TK5ktI9:mMOYOFLvEWdwAPVuRozJn1TK6tA
MD5:	2986A49ABE1B1B5C082E4F393873CE6E
SHA1:	F83E37D9FA1BECDF74ADF10BBBCCC1569713534B
SHA-256:	5E9D954295588A184621E607AEC616E7B24A6466639DF7623DC85A240383CA49
SHA-512:	3069406B385141B9F47925614995030C5C00F8E96A8B671AE6CD21ABC1D7A3BE566E5C9BA4D5351C6E1989C46BA6E402FE90451BF71A18BECBC4EB6B1C1F0B13
Malicious:	false
Preview:	0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js .n.8.../....."#.DZ+O."..A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo......^%\x........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.633428001301942
Encrypted:	false
SSDEEP:	6:m3PXYOFLvEWdBJvYQslJzhcsBXIh1TK6t:mxRBJQJJDB0
MD5:	7C14D8A95C3DE80595A9E5535A6AFA9C
SHA1:	F6C2C24440A659AAC80B4427E1E16C87A3E04A21
SHA-256:	D71F544C45E1913C4B16861CDFDB0C80D13C051F894C9402F919B67A989A10A0
SHA-512:	A438D228EFFAB110A5468B2395DEBD51FC62C58DF7D4BB6E5672D0544D461329910E5DDA5282078C0DCD75399B3690C040D2730E6CB2517CEB9BC6A6808B3625
Malicious:	false
Preview:	0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ...=.../....."#.DQjg."..A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo.......!K'........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	456
Entropy (8bit):	5.622437568785053
Encrypted:	false
SSDEEP:	6:msPYOFLvEWdrROk/RJUQ7W287PHc3Me/1TK6t9sPYOFLvEWdrROk/RJUQMugHc3Z:3RrROk/sfPHcmRrROk/slHc
MD5:	8681139A58BBA27026C8A325E9DA6E62
SHA1:	2A7C98FB55407BAA7ED69F4B84165AB155EBE63A
SHA-256:	AC30E867FAB17A6A2B8829CF9DEE2601A6C1C1329E215E1CA658855385BEF975
SHA-512:	DCC8B387401C0A48A94CB35FDEEAD7E8CEF784F57A39B735DA9467DB4DE2C1E6A7E8D3D39C78564ECDCCB7CA95840FC74069B94ABC6408FBC9AF65F87C23D3BC
Malicious:	false
Preview:	0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ......./....."#.D..."..A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo.........i........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ...6.../....."#.D..G."..A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo........1.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	2016
Entropy (8bit):	5.256473010572155
Encrypted:	false
SSDEEP:	24:YBwGnoTj663MK8mSBzg5PByfcLHACCVejrMSym4/YW/hndoGEkk/:JGnojTcmSBo80A8rF0YW/oFL
MD5:	6CFA03B464D46BC9A3E37B4F53D99077
SHA1:	3E86965D4D91A991F137EFE44AEF5202DD51D8EE
SHA-256:	5FD5F3D94B2B78C4892285C5763EFA2FBBF8386FE4A03C3150813D82062EC10C
SHA-512:	EFCB45D0B581C50AE7FBF1B2BB5FD8D14BD3C14A60E7BFE5F450D799FB82389BF892A5C6985A7E6D281E387AA8A36A76B5A6A02E7F3C88DFF367D2E7C1FDD945
Malicious:	false
Preview:	....U...oy retne....'........'............;.y~A.@...................@....................oB@..................#...(@...................k7A.@...................D.4..................[.i..%.................<...W..J@...............,+..._.#@................J..j.....................6<\|...@...............A?.2:...................+.{..'................)....J:..................2q....@.................P....V@...............+.U.!..V...................P[. q@...............!...0.o.................u\]..q.......................@......................................o..k..................^.~..z.....................o.@...............Gy.'.h.@...............F..=z;.@.................3...@................v...q..@................C..M..@.................a....@................~.,.4>.................&.S....................@..x................=....m...................;/...@....................q....................MV3..................:..N.A..@...........................b/g5oy retne

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	298
Entropy (8bit):	5.215802520814885
Encrypted:	false
SSDEEP:	6:mN24UZNADM+q2PN72nKuAl9OmbnIFUtpe24URdWAgZmwPe24URdWADMVkwON72nC:40cM+vVaHAahFUtpoIsJ/PoIscMV5OaC
MD5:	ADEECBFB0B5ECE8DF2D6646DA7F93FF2
SHA1:	B7E224601E4169D7B1EB168490946E0361ACEC5A
SHA-256:	42593E978C66079D485600BCB35F819E67DE03AB6E82136CB8A773244CC63ED6
SHA-512:	C9E97A745ED796EC42A350E3E9F0C34E6CCBD2702F9E913B9C31C427BDCF2218AED7811990092897D71AA8DFEEC8A18A9398E93F0BF58526DFC5CDB3C983C671
Malicious:	false
Preview:	2021/02/25-21:43:09.553 178c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2021/02/25-21:43:09.554 178c Recovering log #3.2021/02/25-21:43:09.554 178c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	1048576
Entropy (8bit):	0.007582230897837807
Encrypted:	false
SSDEEP:	24:T+X8I5mv+X8I5mv+X8I5mv+X8I5myrY5mrY5mmHY5mmHY5mm:To35Oo35Oo35Oo3525T5K5K5
MD5:	FC7A086C4501F70F5AE55709A2008522
SHA1:	2C24D0C04612D9EE48864AE2D038428C352BFE7D
SHA-256:	F076C341E736A7FEB4C45907C71391B74EE1134CBB48700ACB16267069288480
SHA-512:	6E4BF512BEED6FBE76B3DD859EB3EBD8C75E743949429100ED8FA0D2877F0374986D350370895DEE3FEBCB56BD92F9297D88BB7A1C9D6095C1F8846DBAB29378
Malicious:	false
Preview:	VLnk.....?........`.N.7................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-210226054303Z-234.bmp Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.9396089247104182
Encrypted:	false
SSDEEP:	384:zzPqloLquY9EQvXlAwOGSz97OXD9l8j5CwzEnlIrnbHyvH++2swFkF5AUUtShJoa:fPtciQ9ZOGSBqLE5CwYn6rnTKwswSt2A
MD5:	CD7A0D6AB23B62209B7A9D503929A10C
SHA1:	D070566D387306A790A5BA70734429FACDB3CEAD
SHA-256:	356C55F232A50404A43994F4805EBD0C4A44BC9C4DFF6C4F3258124862F15686
SHA-512:	D9AA57CC8C470BF08037DC57B4B2BE2FF79D173F4ED142A3A8A4D96787084E5A3E44FBB8CB58C368AABA39746176BEBDB360F69A3874A3F0B8462F64E9DB0DD9
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3024000
Category:	modified
Size (bytes):	32768
Entropy (8bit):	3.387063156171403
Encrypted:	false
SSDEEP:	96:iR49IVXEBodRBkQvOhFVCsL49IVXEBodRBkR6vOhAVCs749IVXEBodRBkl6vOhCF:iGedRBxedRBoedRBsedRBh
MD5:	DFD28B0F06B66365358D2C42391ABB98
SHA1:	E376A121327ADF8A26920372DC5CD8773D0B7B5A
SHA-256:	CF5B3EC919121A8235CA82E6D478CA87C3B890B1CC36F81079E8C5C943D3DCE0
SHA-512:	7B82DEECD2749665EAC930057C11F11164DE3AF047FEF17D29807BA2189291BD263271126AF78B72F780C230A6AEEEE04C9293D85EAF7EBFEC08E81573BDF962
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	34928
Entropy (8bit):	3.199359419584698
Encrypted:	false
SSDEEP:	96:2A7OhFVCPcn949IVXEBodRBkSvOhFVCsDLR49IVXEBodRBke6vOhAVCsFd49IVXH:2AIiedRBILGedRBSCedRBYyedRBY
MD5:	319318B0675ED9232F186E9A11A9D8CE
SHA1:	D58E631519EC7DB7B7DCC16352D5140F724F4ADC
SHA-256:	E1F2C71340C75C4EE8F7CDD2A3264A91EAB3ECF7B84AF1DC6FC4ABD79E22C761
SHA-512:	15BB63FB904AA9CD071A7F8E27ACCCECC366F7EDD7E35FAAA94AEA5CE381E9E1D502164091F8EC1F24056205790685C7562373D7BCEF81BAB91D9D0286B2BFD5
Malicious:	false
Preview:	............F..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................X...h...y................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6344 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	157443
Entropy (8bit):	5.172039478677
Encrypted:	false
SSDEEP:	1536:amNTjRlaRlQShhp2VpMKRhWa11quVJzlzofqG9Z0ADWp1ttawvayKLWbVG3+2:RNj3aRlQShhp2VpMKRhWa11quVJX2
MD5:	A2C6972A1A9506ACE991068D7AD37098
SHA1:	BF4D2684587CF034BCFC6F74CED551F9E5316440
SHA-256:	0FB687D20C49DDBADD42ABB489C3B492B5A1893352E2F4B6AA1247EFE7363F65
SHA-512:	4D03884CA5D1652A79E6D55D8F92F4D138C47D462E05C3E6A685DA6742E98841D9C63720727203B913A179892C413BFB33C05416E1675E0CF80DA98BE90BA5E4
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Marlett.FamilyName:Marlett.StyleName:Regular.MenuName:Marlett.StyleBits:0.WeightClass:500.WidthClass:5.AngleClass:0.FullName:Marlett.WritingScript:Roman.WinName:Marlett.FileLength:27724.NameArray:0,Win,1,Marlett.NameArray:0,Mac,4,Marlett.NameArray:0,Win,1,Marlett.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:ArialMT.FamilyName:Arial.StyleName:Regular.MenuName:Arial.StyleBits:0.WeightClass:400.WidthClass:5.AngleClass:0.FullName:Arial.WritingScript:Roman.WinName:Arial.FileLength:1036584.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial.NameArray:0,Win,1,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-BoldMT.FamilyName:Arial.StyleName:Bold.MenuName:Arial.StyleBits:2.WeightClass:700.WidthClass:5.AngleClass:0.FullName:Arial Bold.WritingScript:Roman.WinName:Arial Bold.FileLength:980756.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial Bold.NameAr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	63598
Entropy (8bit):	5.433041226997456
Encrypted:	false
SSDEEP:	768:PCbGNFYGpiyVFiCUZ0ldkoEKTEouWPviwco65suXdkByYyu:J0GpiyVFiB0luoEKwECXXdmyK
MD5:	969850C6782084902F0BC625A1E8A1F2
SHA1:	E83C7D509801472541B7F3D51C29722F97918584
SHA-256:	C5894331ADFE2CB48B1D7F13F29F141193280B2ECB161FF116FBDB6F708EB741
SHA-512:	C4E9944BE4DE79BE3E3171D88496452186314EB3217AD7AD7CCCDE3622B86FCA7FEED0A7E3DD4ECF544808822F551448BAB1297BE1DE7F01110DBB56A742E09E
Malicious:	false
Preview:	4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

Static File Info

General
File type:	PDF document, version 1.4
Entropy (8bit):	7.997970403444978
TrID:	Adobe Portable Document Format (5005/1) 99.96% Bio-Rad Image(s) file (2/1) 0.04%
File name:	KDeochand_02172021092904.pdf
File size:	448714
MD5:	307203412f8eda57aa6a75f97adf0671
SHA1:	3127318e1daed695570f1411f836676ee1c5b399
SHA256:	ef50f6e4fa9092e19c38b72da3729cb9a4bd4f03b8da8643422641ba445b0c84
SHA512:	4f35375a0fb945df80e4bd81c5f480998bee3980e7d016afe08832080934439b8f983b64da87ac3706dcf7137665eb87ae4a4e4e1e4d4a13d5691e11e6a48424
SSDEEP:	12288:5Hzf863QfoK995SCx5MqzIa2XPJvSWJKeeBJc7V6A:5FAft5SCnFz4fJaWJLeB2r
File Content Preview:	%PDF-1.4.%.....1 0 obj.<<./CreationDate (D:20210217092908-04'00')./ModDate (D:20210217092908-04'00')./Creator (VersaLink B7030)./Producer (VersaLink B7030).>>.endobj.23 0 obj.<<./Type /XObject./Subtype /Image./Width 1700./Height 2200./BitsPerComponent 8./

File Icon


Icon Hash:	74ecccdcd4ccccf0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.997970
Total Bytes:	448714
Stream Entropy:	7.997984
Stream Bytes:	447255
Entropy outside Streams:	4.556598
Bytes outside Streams:	1459
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	8
endobj	8
stream	2
endstream	2
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 25, 2021 21:42:46.441791058 CET	58377	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:46.493304014 CET	53	58377	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:47.638658047 CET	55074	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:47.689258099 CET	53	55074	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:48.408201933 CET	54513	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:48.458432913 CET	53	54513	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:49.114682913 CET	62044	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:49.178693056 CET	53	62044	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:49.201194048 CET	63791	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:49.255644083 CET	53	63791	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:50.483288050 CET	64267	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:50.531766891 CET	53	64267	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:51.747328997 CET	49448	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:51.799906969 CET	53	49448	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:52.830135107 CET	60342	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:52.878539085 CET	53	60342	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:53.814635992 CET	61346	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:53.865526915 CET	53	61346	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:55.594999075 CET	51774	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:55.646603107 CET	53	51774	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:57.373842955 CET	56023	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:57.422439098 CET	53	56023	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:58.548209906 CET	58384	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:58.597127914 CET	53	58384	8.8.8.8	192.168.2.6
Feb 25, 2021 21:42:59.513309002 CET	60261	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:42:59.564799070 CET	53	60261	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:02.018976927 CET	56061	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:02.072415113 CET	53	56061	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:04.922579050 CET	58336	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:04.971487999 CET	53	58336	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:06.932507992 CET	53781	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:06.981266975 CET	53	53781	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:12.044919014 CET	54064	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:12.046108007 CET	52811	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:12.103632927 CET	53	54064	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:12.105873108 CET	53	52811	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:13.046303988 CET	52811	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:13.048011065 CET	54064	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:13.097836018 CET	53	52811	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:13.106635094 CET	53	54064	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:14.093228102 CET	54064	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:14.093327999 CET	52811	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:14.107877016 CET	55299	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:14.142025948 CET	53	54064	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:14.142255068 CET	53	52811	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:14.159382105 CET	53	55299	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:16.139161110 CET	52811	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:16.139659882 CET	54064	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:16.198785067 CET	53	54064	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:16.204894066 CET	53	52811	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:17.835803032 CET	63745	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:17.884814978 CET	53	63745	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:18.782193899 CET	50055	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:18.831046104 CET	53	50055	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:19.619719028 CET	61374	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:19.669631958 CET	53	61374	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:20.142719030 CET	52811	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:20.143037081 CET	54064	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:20.192467928 CET	53	54064	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:20.199990034 CET	53	52811	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:22.978154898 CET	50339	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:23.029452085 CET	53	50339	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:42.927797079 CET	63307	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:42.988293886 CET	53	63307	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:49.728521109 CET	49694	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:49.783843994 CET	53	49694	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:54.170238972 CET	54982	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:54.234391928 CET	53	54982	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:54.757750034 CET	50010	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:54.817749977 CET	53	50010	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:55.364813089 CET	63718	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:55.417145014 CET	53	63718	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:55.845597982 CET	62116	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:55.903414011 CET	53	62116	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:56.357719898 CET	63816	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:56.415352106 CET	53	63816	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:56.952369928 CET	55014	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:57.009663105 CET	53	55014	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:57.635827065 CET	62208	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:57.684779882 CET	53	62208	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:58.562890053 CET	57574	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:58.618010998 CET	53	57574	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:59.259452105 CET	51818	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:59.332570076 CET	53	51818	8.8.8.8	192.168.2.6
Feb 25, 2021 21:43:59.563371897 CET	56628	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:43:59.617242098 CET	53	56628	8.8.8.8	192.168.2.6
Feb 25, 2021 21:44:00.120451927 CET	60778	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:44:00.174098015 CET	53	60778	8.8.8.8	192.168.2.6
Feb 25, 2021 21:44:27.485951900 CET	53799	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:44:27.536952019 CET	53	53799	8.8.8.8	192.168.2.6
Feb 25, 2021 21:44:27.862958908 CET	54683	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:44:27.928977013 CET	53	54683	8.8.8.8	192.168.2.6
Feb 25, 2021 21:44:30.077200890 CET	59329	53	192.168.2.6	8.8.8.8
Feb 25, 2021 21:44:30.145104885 CET	53	59329	8.8.8.8	192.168.2.6

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: AcroRd32.exe PID: 7072 Parent PID: 5884

General

Start time:	21:42:53
Start date:	25/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\KDeochand_02172021092904.pdf'
Imagebase:	0x1360000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: AcroRd32.exe PID: 6344 Parent PID: 7072

General

Start time:	21:42:54
Start date:	25/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\KDeochand_02172021092904.pdf'
Imagebase:	0x1360000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 3920 Parent PID: 7072

General

Start time:	21:43:01
Start date:	25/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Imagebase:	0xfe0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6608 Parent PID: 3920

General

Start time:	21:43:04
Start date:	25/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1494442768575948879 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1494442768575948879 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xfe0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6688 Parent PID: 3920

General

Start time:	21:43:06
Start date:	25/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2751167411369981556 --mojo-platform-channel-handle=1688 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Imagebase:	0xfe0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 4688 Parent PID: 3920

General

Start time:	21:43:11
Start date:	25/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12651656954935480189 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12651656954935480189 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xfe0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 2796 Parent PID: 3920

General

Start time:	21:43:13
Start date:	25/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16155936778305319840,13329691580229449717,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6466747421876913757 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6466747421876913757 --renderer-client-id=5 --mojo-platform-channel-handle=2136 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xfe0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: AcroRd32.exe PID: 6344 Parent PID: 7072 AcroRd32.exeCOMMON

Execution Graph

Execution Coverage:	13.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	100%
Total number of Nodes:	1
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 0122C003, Relevance: 1.5, APIs: 1, Instructions: 11
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0122C01A

Memory Dump Source

Source File: 00000003.00000002.489434685.000000000122C000.00000020.00000001.sdmp, Offset: 0122C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_122c000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6f79d46f37a109343b23c4d0705641a9cd02846da77d3f6f93123ea7060a9343
Instruction ID: d18a38869edcdf12ced20ce06535ae01c447374b551f70b74843d8abdc7f2339
Opcode Fuzzy Hash: 6f79d46f37a109343b23c4d0705641a9cd02846da77d3f6f93123ea7060a9343
Instruction Fuzzy Hash: F3C04C951CE7D15FC30353711C7A9E32F685A9311275E81D7D480CB09BC548067BA373

Uniqueness

Uniqueness Score: -1.00%

Function 0122C790, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0122C79A

Memory Dump Source

Source File: 00000003.00000002.489434685.000000000122C000.00000020.00000001.sdmp, Offset: 0122C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_122c000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ca610c29548365b14193f4b3733efc108bc5fba3ea4f85a3fdda65596795f4ca
Instruction ID: 24c222a81b5e1cdc8929526d861eb7b7469039e69b5b0c81c8aede3c95c81b83
Opcode Fuzzy Hash: ca610c29548365b14193f4b3733efc108bc5fba3ea4f85a3fdda65596795f4ca
Instruction Fuzzy Hash: 1F9002B138100413D540B15A541D6064109A7E1341FA9D011E0508554CDD55887662A2

Uniqueness

Uniqueness Score: -1.00%

Function 0122C490, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0122C49A

Memory Dump Source

Source File: 00000003.00000002.489434685.000000000122C000.00000020.00000001.sdmp, Offset: 0122C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_122c000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 27f39f725fbc4ddf4ed6edbdbaf2fb901154df17dbddf5cfe2b0171797882fc8
Instruction ID: ed9f01ea0f7c23bd89b61a385316db703e49615f704c05367ebdf9426b085d9c
Opcode Fuzzy Hash: 27f39f725fbc4ddf4ed6edbdbaf2fb901154df17dbddf5cfe2b0171797882fc8
Instruction Fuzzy Hash: 409002B138100812D500A19A4409706010957D0241FA9C412E0618558DCE95887175B1

Uniqueness

Uniqueness Score: -1.00%

Function 0122C310, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0122C31A

Memory Dump Source

Source File: 00000003.00000002.489434685.000000000122C000.00000020.00000001.sdmp, Offset: 0122C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_122c000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 94fe9238a1e4ce733e42958529fbd4d5e349bfa2a5c7ed018426c4686885a88d
Instruction ID: 9447b12b62010385d9d3105b563272ad9021b1b32defda6667d104bdddd03be6
Opcode Fuzzy Hash: 94fe9238a1e4ce733e42958529fbd4d5e349bfa2a5c7ed018426c4686885a88d
Instruction Fuzzy Hash: 079002F13C100852D500A15A4419B06010997E1341FA9C015E1158554DCE59CC7271A6

Uniqueness

Uniqueness Score: -1.00%

Function 0122C110, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0122C11A

Memory Dump Source

Source File: 00000003.00000002.489434685.000000000122C000.00000020.00000001.sdmp, Offset: 0122C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_122c000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 974553679e260ee94105ede55221de7ebabb8bf32f6d2476e9886545627095af
Instruction ID: e9e25a79da4b49eba1e8d7fe18c27522da9b3995b9a6b5d6e8808763a65d6502
Opcode Fuzzy Hash: 974553679e260ee94105ede55221de7ebabb8bf32f6d2476e9886545627095af
Instruction Fuzzy Hash: 699002B138504852D500A55A540DA06010957D0245FA9D011A1158595DCE758871B1B1

Uniqueness

Uniqueness Score: -1.00%

Function 0122C750, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0122C75A

Memory Dump Source

Source File: 00000003.00000002.489434685.000000000122C000.00000020.00000001.sdmp, Offset: 0122C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_122c000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 29a4828123023646854a7bbbcb48b4819c91ec2835c90ceab7cf9a40c6c5dfcf
Instruction ID: afc34d6a9a137a3c542639b049d78ead32c0aee77a63480a3447406eeacafe08
Opcode Fuzzy Hash: 29a4828123023646854a7bbbcb48b4819c91ec2835c90ceab7cf9a40c6c5dfcf
Instruction Fuzzy Hash: F89002B939300412D580B15A540D60A010957D1242FE9D415A0109558CCD55887963A1

Uniqueness

Uniqueness Score: -1.00%

Function 0122C350, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0122C35A

Memory Dump Source

Source File: 00000003.00000002.489434685.000000000122C000.00000020.00000001.sdmp, Offset: 0122C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_122c000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8d89eae79bf23fd2470a217f38d913a545bfe8558363e65addd2e62fded9dca4
Instruction ID: 5ea3d84543781284fe2818d238d8025bab4dbd911074f17dbebd2ae9ea90420b
Opcode Fuzzy Hash: 8d89eae79bf23fd2470a217f38d913a545bfe8558363e65addd2e62fded9dca4
Instruction Fuzzy Hash: 1C9002F138504492D511A25A4409F0A420D57E0285FE9C016A0148594CCD658972E1A1

Uniqueness

Uniqueness Score: -1.00%

Function 0122C050, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0122C05A

Memory Dump Source

Source File: 00000003.00000002.489434685.000000000122C000.00000020.00000001.sdmp, Offset: 0122C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_122c000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4c84151277232184f4ece1caff9d03736cb5b2ac7b5af92573ec6003a39c157d
Instruction ID: c167b7542daf6858573f5189dc2cfda649c436be1ab1a95d524171969364458c
Opcode Fuzzy Hash: 4c84151277232184f4ece1caff9d03736cb5b2ac7b5af92573ec6003a39c157d
Instruction Fuzzy Hash: 5B9002B178500812D541B15A4459706011D57D0281FE9C012A0118554DCE958B76B6E1

Uniqueness

Uniqueness Score: -1.00%

Function 0122C1D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0122C1DA

Memory Dump Source

Source File: 00000003.00000002.489434685.000000000122C000.00000020.00000001.sdmp, Offset: 0122C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_122c000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7e47dad86479da47a279e07b6665d510168b853dcf6ee2752cb09e064007092b
Instruction ID: f712c09118f7ab06895c2f92f54f831258102bbc0871f5471167a53f10353a1b
Opcode Fuzzy Hash: 7e47dad86479da47a279e07b6665d510168b853dcf6ee2752cb09e064007092b
Instruction Fuzzy Hash: 4C9002B138100C52D500A15A4409B46010957E0341FA9C016A0218654DCE55C87175A1

Uniqueness

Uniqueness Score: -1.00%

Function 0122C2D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0122C2DA

Memory Dump Source

Source File: 00000003.00000002.489434685.000000000122C000.00000020.00000001.sdmp, Offset: 0122C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_122c000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b2a3f88fabd24f7c8c3c2fafaa86054f15987965036c94671819ae633b8cb8be
Instruction ID: 595b96017b642c6488b1f85f8e50c5a5e77438745a2681b1e6536427cda0bd29
Opcode Fuzzy Hash: b2a3f88fabd24f7c8c3c2fafaa86054f15987965036c94671819ae633b8cb8be
Instruction Fuzzy Hash: 0D9002B139114812D510A15A8409706010957D1241FA9C411A0918558DCED588B171A2

Uniqueness

Uniqueness Score: -1.00%

Function 0122C6D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0122C6DA

Memory Dump Source

Source File: 00000003.00000002.489434685.000000000122C000.00000020.00000001.sdmp, Offset: 0122C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_122c000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: dfe2004c431489e9de8f4bf325dee0477a038e150051f59701c81b6116e10e0f
Instruction ID: 410af6811aa0a808a77b91965b216cec03cf9dd7cdf36a1e6e8a0aa3957d8b51
Opcode Fuzzy Hash: dfe2004c431489e9de8f4bf325dee0477a038e150051f59701c81b6116e10e0f
Instruction Fuzzy Hash: 499002B138100812D500A59A540D646010957E0341FA9D011A5118555ECEA588B171B1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report KDeochand_02172021092904.pdf

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PDF Info

General

Keywords Statistics

Network Behavior

Network Port Distribution

UDP Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: AcroRd32.exe PID: 7072 Parent PID: 5884

General

Chronological Activities

Analysis Process: AcroRd32.exe PID: 6344 Parent PID: 7072

General

Chronological Activities

Analysis Process: RdrCEF.exe PID: 3920 Parent PID: 7072

General

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6608 Parent PID: 3920

General

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6688 Parent PID: 3920

Function 0122C003, Relevance: 1.5, APIs: 1, Instructions: 11
libraryCOMMON

Function 0122C790, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0122C490, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0122C310, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0122C110, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0122C750, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0122C350, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0122C050, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0122C1D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0122C2D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0122C6D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON