Analysis Report 2021-04-13 14-41.pdf

Overview

General Information

Sample Name: 2021-04-13 14-41.pdf
Analysis ID: 392879
MD5: 9fd274363428a0b7ba826cd0b98de9ba
SHA1: 8093425eefd39d6797bbfc3ece4379ffcd2ff09d
SHA256: cacb0df455e4b597f9099197422e059e8ad21252aa65b96fc15cf1219f6f98ea

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
IP address seen in connection with other malware

Startup

  • System is w10x64
  • AcroRd32.exe (PID: 6944 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\2021-04-13 14-41.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • AcroRd32.exe (PID: 7012 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\2021-04-13 14-41.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • RdrCEF.exe (PID: 6432 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6524 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,1034595525322129267,9854198427525276997,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1000436766168472791 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1000436766168472791 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6864 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,1034595525322129267,9854198427525276997,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=16364913901443466544 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6436 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,1034595525322129267,9854198427525276997,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9856507164920163182 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9856507164920163182 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 4136 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,1034595525322129267,9854198427525276997,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13249810019276721345 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13249810019276721345 --renderer-client-id=5 --mojo-platform-channel-handle=1972 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures.

Source: Joe Sandbox View; IP Address: 80.0.0.0
Source: classification engine; Classification label: clean1.winPDF@13/48@0/2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.7012
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1gnxnep_6ki6bn_5es.tmp
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; File read: C:\Users\desktop.ini
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; File opened: C:\Windows\SysWOW64\Msftedit.dll
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: 2021-04-13 14-41.pdf; Initial sample: PDF keyword /JS count = 0
Source: 2021-04-13 14-41.pdf; Initial sample: PDF keyword /JavaScript count = 0
Source: 2021-04-13 14-41.pdf; Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: AcroRd32.exe, 00000001.00000002.891825180.000000000B388000.00000004.00000001.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; Code function: 1_2_00920490 LdrInitializeThunk,1_2_00920490
Source: AcroRd32.exe, 00000001.00000002.876766483.0000000005420000.00000002.00000001.sdmp; Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000001.00000002.876766483.0000000005420000.00000002.00000001.sdmp; Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000002.876766483.0000000005420000.00000002.00000001.sdmp; Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000002.876766483.0000000005420000.00000002.00000001.sdmp; Binary or memory string: Progmanlock

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 2 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 2 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Behavior Graph

[Behavior graph. ID: 392879; Sample: 2021-04-13 14-41.pdf; Startdate: 19/04/2021; Architecture: WINDOWS; Score: 1. AcroRd32.exe started RdrCEF.exe and a second AcroRd32.exe; RdrCEF.exe started four RdrCEF.exe child processes. DNS/IP nodes: 192.168.2.1 (unknown), linked from RdrCEF.exe; 80.0.0.0 (NTLGB, United Kingdom), linked from a child RdrCEF.exe.]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/h | 0% | Avira URL Cloud | safe
http://ns.useplus.org/ldf/xmp/1.0/ | 0% | URL Reputation | safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/N | 0% | Avira URL Cloud | safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/ | 0% | URL Reputation | safe
http://www.osmf.org/layout/anchor | 0% | URL Reputation | safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs | 0% | URL Reputation | safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/ | 0% | URL Reputation | safe
http://cipa.jp/exif/1.0/ | 0% | URL Reputation | safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default | 0% | URL Reputation | safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/V | 0% | Avira URL Cloud | safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/esa | 0% | Avira URL Cloud | safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/$ | 0% | Avira URL Cloud | safe
http://cipa.jp/exif/1.0/0)_1 | 0% | Avira URL Cloud | safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/es | 0% | Avira URL Cloud | safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/ | 0% | Avira URL Cloud | safe
http://www.npes.org/pdfx/ns/id/ | 0% | URL Reputation | safe
http://www.osmf.org/drm/default | 0% | URL Reputation | safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes | 0% | URL Reputation | safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn | 0% | URL Reputation | safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/y | 0% | Avira URL Cloud | safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/ | 0% | Avira URL Cloud | safe
http://www.adobe.go/i | 0% | Avira URL Cloud | safe
http://www.quicktime.com.Acrobat | 0% | URL Reputation | safe
http://www.adobe. | 0% | URL Reputation | safe
http://www.osmf.org/subclip/1.0 | 0% | URL Reputation | safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/0 | 0% | Avira URL Cloud | safe
https://api.echosign.comocessId | 0% | Avira URL Cloud | safe
http://www.adobe.co | 0% | URL Reputation | safe
https://api.echosign.comrobat.c | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.aiim.org/pdfa/ns/property# | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | | high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/h | AcroRd32.exe, 00000001.00000002.891288380.000000000B1D7000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://ns.useplus.org/ldf/xmp/1.0/ | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.aiim.org/pdfa/ns/id/ | AcroRd32.exe, 00000001.00000003.874026753.000000000B03B000.00000004.00000001.sdmp | false | | high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/N | AcroRd32.exe, 00000001.00000002.888358790.000000000A423000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://iptc.org/std/Iptc4xmpExt/2008-02-29/ | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.osmf.org/layout/anchor | AcroRd32.exe, 00000001.00000002.877629260.0000000007800000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.aiim.org/pdfa/ns/schema# | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | | high
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs | AcroRd32.exe, 00000001.00000002.877629260.0000000007800000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/ | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.aiim.org/pdfe/ns/id/ | AcroRd32.exe, 00000001.00000003.874026753.000000000B03B000.00000004.00000001.sdmp | false | | high
http://cipa.jp/exif/1.0/ | AcroRd32.exe, 00000001.00000003.874026753.000000000B03B000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default | AcroRd32.exe, 00000001.00000002.877629260.0000000007800000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/V | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.aiim.org/pdfa/ns/type#= | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | | high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/esa | AcroRd32.exe, 00000001.00000002.891288380.000000000B1D7000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://www.aiim.org/pdfa/ns/type# | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | | high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/$ | AcroRd32.exe, 00000001.00000002.888358790.000000000A423000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://cipa.jp/exif/1.0/0)_1 | AcroRd32.exe, 00000001.00000003.874026753.000000000B03B000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/es | AcroRd32.exe, 00000001.00000002.891288380.000000000B1D7000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://www.aiim.org/pdfa/ns/field#n | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | | high
https://api.echosign.com | AcroRd32.exe, 00000001.00000003.874026753.000000000B03B000.00000004.00000001.sdmp | false | | high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/ | AcroRd32.exe, 00000001.00000002.888358790.000000000A423000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://www.aiim.org/pdfa/ns/extension/& | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | | high
http://www.npes.org/pdfx/ns/id/ | AcroRd32.exe, 00000001.00000003.874026753.000000000B03B000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.aiim.org/pdfa/ns/field# | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | | high
http://www.osmf.org/drm/default | AcroRd32.exe, 00000001.00000002.877629260.0000000007800000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes | AcroRd32.exe, 00000001.00000002.877629260.0000000007800000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn | AcroRd32.exe, 00000001.00000002.877629260.0000000007800000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/y | AcroRd32.exe, 00000001.00000002.891288380.000000000B1D7000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://www.aiim.org/pdfa/ns/extension/ | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | | high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/ | AcroRd32.exe, 00000001.00000002.891288380.000000000B1D7000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://www.adobe.go/i | AcroRd32.exe, 00000001.00000002.891825180.000000000B388000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.aiim.org/pdfa/ns/extension// | AcroRd32.exe, 00000001.00000002.891224156.000000000B16F000.00000004.00000001.sdmp | false | | high
http://www.quicktime.com.Acrobat | AcroRd32.exe, 00000001.00000002.877629260.0000000007800000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
https://ims-na1.adobelogin.com | AcroRd32.exe, 00000001.00000002.882642727.0000000008ED0000.00000004.00000001.sdmp | false | | high
http://www.adobe. | AcroRd32.exe, 00000001.00000002.891825180.000000000B388000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.osmf.org/subclip/1.0 | AcroRd32.exe, 00000001.00000002.877629260.0000000007800000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/0 | AcroRd32.exe, 00000001.00000002.891288380.000000000B1D7000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
https://api.echosign.comocessId | AcroRd32.exe, 00000001.00000002.899080447.0000000010183000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.adobe.co | AcroRd32.exe, 00000001.00000002.899378687.000000001030C000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://api.echosign.comrobat.c | AcroRd32.exe, 00000001.00000003.874026753.000000000B03B000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown

                            Contacted IPs


                            Public

IP | Domain | Country | ASN | ASN Name | Malicious
80.0.0.0 | unknown | United Kingdom | 5089 | NTLGB | false

                            Private

                            IP
                            192.168.2.1

                            General Information

                            Joe Sandbox Version:31.0.0 Emerald
                            Analysis ID:392879
                            Start date:19.04.2021
                            Start time:23:34:16
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 8m 18s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Sample file name:2021-04-13 14-41.pdf
                            Cookbook file name:defaultwindowspdfcookbook.jbs
                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                            Number of analysed new started processes analysed:26
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:CLEAN
                            Classification:clean1.winPDF@13/48@0/2
                            EGA Information:
                            • Successful, ratio: 100%
                            HDC Information:Failed
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 11
                            • Number of non-executed functions: 0
                            Cookbook Comments:
                            • Adjust boot time
                            • Enable AMSI
                            • Found application associated with file extension: .pdf
                            • Found PDF document
                            • Find and activate links
                            • Close Viewer
                            Warnings:
                            • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                            • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 20.82.210.154, 104.42.151.234, 13.64.90.137, 92.122.145.220, 104.43.139.144, 92.122.146.26, 23.32.238.123, 23.32.238.129, 20.50.102.62, 52.255.188.83, 168.61.161.212, 92.122.213.247, 92.122.213.194, 2.20.142.209, 2.20.142.210, 93.184.221.240, 52.155.217.156, 20.54.26.129
                            • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, e4578.dscb.akamaiedge.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, arc.msn.com, acroipm2.adobe.com, wu.azureedge.net, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, a122.dscd.akamai.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, www.bing.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, dual-a-0001.a-msedge.net, acroipm2.adobe.com.edgesuite.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu.ec.azureedge.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, armmf.adobe.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                            • Report size getting too big, too many NtSetInformationFile calls found.

                            Simulations

                            Behavior and APIs

Time | Type | Description
23:35:10 | API Interceptor | 11x Sleep call for process: RdrCEF.exe modified

                            Joe Sandbox View / Context

                            IPs

Match | Associated Sample Name / URL | Detection
80.0.0.0 | 123.exe | malicious
80.0.0.0 | 123.exe | malicious
80.0.0.0 | EiK2ZuecHv.exe | malicious
80.0.0.0 | File6512365134_7863_20210413.html | malicious
80.0.0.0 | DHL_Express_Shipments_Invoice_Confirmation_CBJ190517000131_74700456XXX.exe | malicious
80.0.0.0 | DHL_Express_Shipment_Invoice_Confirmation_CBJ190517000131_74700456XXXX.exe | malicious
80.0.0.0 | DHL_Express_Shipments_Invoice_Confirmation_CBJ190517000131_74700456XXX.exe | malicious
80.0.0.0 | DHL_Express_Shipment_Confirmation_BKKR005545473_88700456XXXX.exe | malicious
80.0.0.0 | APRILQUOTATION#QQO2103060_SAMPLES_KHANG HY_CO_CORPORATION.exe | malicious
80.0.0.0 | #U260f8284.HTML | malicious
80.0.0.0 | HunpuKMHQt.exe | malicious
80.0.0.0 | JbQoNNPVOk.exe | malicious
80.0.0.0 | _vm583573758.htm | malicious
80.0.0.0 | March 17, 2021, 101142 AM.HTM | malicious
80.0.0.0 | message_zdm.html | malicious
80.0.0.0 | 0000001_Carved.pdf | malicious
80.0.0.0 | BWKPI3LiLi.jar | malicious
80.0.0.0 | BWKPI3LiLi.jar | malicious
80.0.0.0 | fakeadmin.pdf | malicious
80.0.0.0 | x4F1uS8nAq.exe | malicious

                                                                    Domains

                                                                    No context

                                                                    ASN

Match | Associated Sample Name / URL | Detection | Context
NTLGB | J76uxxiy.exe | malicious | 86.18.99.199
NTLGB | 123.exe | malicious | 80.0.0.0
NTLGB | 123.exe | malicious | 80.0.0.0
NTLGB | EiK2ZuecHv.exe | malicious | 80.0.0.0
NTLGB | File6512365134_7863_20210413.html | malicious | 80.0.0.0
NTLGB | DHL_Express_Shipments_Invoice_Confirmation_CBJ190517000131_74700456XXX.exe | malicious | 80.0.0.0
NTLGB | DHL_Express_Shipment_Invoice_Confirmation_CBJ190517000131_74700456XXXX.exe | malicious | 80.0.0.0
NTLGB | DHL_Express_Shipments_Invoice_Confirmation_CBJ190517000131_74700456XXX.exe | malicious | 80.0.0.0
NTLGB | DHL_Express_Shipment_Confirmation_BKKR005545473_88700456XXXX.exe | malicious | 80.0.0.0
NTLGB | APRILQUOTATION#QQO2103060_SAMPLES_KHANG HY_CO_CORPORATION.exe | malicious | 80.0.0.0
NTLGB | #U260f8284.HTML | malicious | 80.0.0.0
NTLGB | HunpuKMHQt.exe | malicious | 80.0.0.0
NTLGB | 1.sh | malicious | 62.254.90.3
NTLGB | PDFXCview.exe | malicious | 82.38.144.251
NTLGB | JbQoNNPVOk.exe | malicious | 80.0.0.0
NTLGB | _vm583573758.htm | malicious | 80.0.0.0
NTLGB | March 17, 2021, 101142 AM.HTM | malicious | 80.0.0.0
NTLGB | message_zdm.html | malicious | 80.0.0.0
NTLGB | 0000001_Carved.pdf | malicious | 80.0.0.0
NTLGB | BWKPI3LiLi.jar | malicious | 80.0.0.0

                                                                    JA3 Fingerprints

                                                                    No context

                                                                    Dropped Files

                                                                    No context

                                                                    Created / dropped Files

                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):410
                                                                    Entropy (8bit):5.668239760069053
                                                                    Encrypted:false
                                                                    SSDEEP:6:men9YOFLvEWdM9QKqtPt0i7Z+P41TK6tal2en9YOFLvEWdM9Qb07+bv/i7Z+P41R:vDRM93qb3ZiEclfDRM9B7+bvmZiE
                                                                    MD5:6575CEC789FF5F4B7102EAC85A695C00
                                                                    SHA1:79660BEB4820A13D1320B33BA8C154BAD8708BCB
                                                                    SHA-256:61CDFBF6D4651CEAEE914656B8F7FFC150710B60736DDF5EBC84AF09E9DBD88D
                                                                    SHA-512:D6BB7DA9AB51953BFDEAED81938ED180E2C2553C459A377632FF5526327D702D8DC7FB10A524A8336743C50A0BA515BB2EB55BF359AA82F4C5502E14390670A2
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview: 0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ...d../....."#.D.Xb.}..A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo........G.........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ..r.e../....."#.D....}..A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo.......I.C........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):522
                                                                    Entropy (8bit):5.638867443590208
                                                                    Encrypted:false
                                                                    SSDEEP:6:mi9NqEYOFLvEk9w+28Be7Ywcr1TK6tgi9NqEYOFLvEkTG8Be7Ywcr1TK6tYbi9N2:V9zC9PQN9zzG9PQr9zgTI9PQ
                                                                    MD5:0580BCC1E6C1DEA2AEAEAFE6A2215774
                                                                    SHA1:1C77E57D9ED498783D8FC52D134EE847F4AB5F1C
                                                                    SHA-256:5480172D6C0FDCA63F574A6AAA6E62C250FBA8C2A059E4B0B3B340D3A589EC1A
                                                                    SHA-512:C95B5B43E40F44C199C2DE35049FE997D78CEC8614C4D2ABD7584F20BB80C231D437DBB8718ACCA3A18F1765186B9022FC531F9BD3C435C1CDC0FC5B978C14BE
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview: 0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .r.xc../....."#.D.X..}..A.1.x.'.vI..*|Z..o...+.4....0..A..Eo...................A..Eo......H?.`........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ...d../....."#.D...}..A.1.x.'.vI..*|Z..o...+.4....0..A..Eo...................A..Eo..................0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ....d../....."#.D.&..}..A.1.x.'.vI..*|Z..o...+.4....0..A..Eo...................A..Eo.......w.u........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):492
                                                                    Entropy (8bit):5.576250158963067
                                                                    Encrypted:false
                                                                    SSDEEP:12:DyeRVFAFjVFAFinoKlUo6jnyeRVFAFjVFAFvlUo6j:tB4v4BKSBJB4v4vSB
                                                                    MD5:30B33314A96699E4129006BF51A8F0E1
                                                                    SHA1:508A81176A4960E953E7889A8CD60944DEC72000
                                                                    SHA-256:029BF0D2C15827EFAFE27830CF7A4CCEA62C262B4D5EF329662C0DAF2A9676A7
                                                                    SHA-512:BD4A7B21EFDC65B1CF37BDD70C24E5F78FF9ECE2CF433F4B7E6B9B50BB1FFDE8FF43D6B4CDF0F0A3AD97903B21BB948AF5004931E249F2162FF12A15BB170FCA
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview: 0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..\.d../....."#.D.M_.}..A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo.........t........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ....e../....."#.D..}..A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo......tZlB........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):232
                                                                    Entropy (8bit):5.6779944262397075
                                                                    Encrypted:false
                                                                    SSDEEP:6:mNtVYOFLvEWdFCi5Rs/z7iW2iWulHyA1TK6t:IbRkiDezPWuss
                                                                    MD5:9C0CE7AA964FF440967E77D5229CEA41
                                                                    SHA1:9200A6D53ADDAD47112E8B1D1AEC91FAC8B9F747
                                                                    SHA-256:C8A464C6871D65F3BCAD1C2A34779649B97B9DCE02368ED0D2AF5F6CA2D736E8
                                                                    SHA-512:6C37C9F99898E0F866BB6AA42A7B56599594C7576CD85B3DC571659CA139DEB0B3B0C7B501EF9BE056F57D4DF24B6096403B4C1B9300E6A20703D9E029D28840
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview: 0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ..W.d../....."#.DG...}..A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo......GZ.,........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):210
                                                                    Entropy (8bit):5.551709347571625
                                                                    Encrypted:false
                                                                    SSDEEP:6:m+yiXYOFLvEWd7VIGXVuHTVyh9PT41TK6t:pyixRuxTV41TE
                                                                    MD5:54EE3B447F8A1EBC71A62A8B8EA512E6
                                                                    SHA1:7F22FAD8AE17641A5F198D1BDE6495277B9C71A6
                                                                    SHA-256:C8B3E9D4C63B3AE1CCA9706D9179DAA071501846964841F6844D356B7FC53DD2
                                                                    SHA-512:102E539E44A002746EE7AE12B1931D84ED3403478C9A076E847C0210F1A5131D4773E81711D151D7AA3508270B746C5B28F8FE2D12FB06D207E8B5B027F3DD95
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview: 0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ...e../....."#.D....}..Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo......#0.,........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):432
                                                                    Entropy (8bit):5.638482334704227
                                                                    Encrypted:false
                                                                    SSDEEP:6:mvYOFLvEWdhwjQwqLZIl6P41TK6tr+vYOFLvEWdhwjQBshLZIl6P41TK6t2:0RhkpqLZCyRhk8shLZC4
                                                                    MD5:4B3810CD0F19556B163AA90CF4A2CB19
                                                                    SHA1:698C40470B2C1B0A2A56EB4E34B072681D45B784
                                                                    SHA-256:289C97D7902E5310408E403713CD7406677F1071A0741694613BEAF7A146706E
                                                                    SHA-512:2C2576C5CC542CB929E67CE93A8830201AD7A9EF50C4FC86780D0A8971A5E828B9F21573E6101078BD604CA8BE355373588D8C3DC99E01ABEA31773A58DF0701
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview: 0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ..J.c../....."#.D.4..}..A.].>....uUf..N...k......c..l.A..Eo...................A..Eo.........T........0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js .{..e../....."#.D..|.}..A.].>....uUf..N...k......c..l.A..Eo...................A..Eo.......1c1........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):209
                                                                    Entropy (8bit):5.524248143736577
                                                                    Encrypted:false
                                                                    SSDEEP:3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuVUoEK9Q6GFcyxMtv9EWm1TK5w:mJYOFLvEWdGQRQOdQHmQ76g1TK6tH
                                                                    MD5:DC256C01FE670FEB0C165EF15AF3193C
                                                                    SHA1:FE349E8BC17FBF5E8D2014E57088F5CA896B55FB
                                                                    SHA-256:823578DCDB5564259130D2F373BEB004F5982A3FF0C2D8266C53BD5B0D91A920
                                                                    SHA-512:E23821D5AA08105B01CC1121589F2E1A668E174618FCCD0F433507E204F702F36DCE916BD72344E6B98052B57238F63DB4CF0DE0193CD1AE1D20FCF280AFE3E9
                                                                    Malicious:false
                                                                    Preview: 0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js ..#.e../....."#.D.M..}..A..c..y/L....|y.n..C/I.....X7-ne.A..Eo...................A..Eo......8...........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):537
                                                                    Entropy (8bit):5.588916408195535
                                                                    Encrypted:false
                                                                    SSDEEP:12:Z5M1NMuR/Ea5MkNMuR/EBz5MI6XmNMuR/E:ZSUuR/EaSzuR/EBzSbJuR/E
                                                                    MD5:5996447CF1773ACDE17756D2EF25FF14
                                                                    SHA1:ADEF37B35C86D479F6DEF4D6C702C8BC132A1A31
                                                                    SHA-256:9B4020EAC160E161DAFB1002D1F81B5DC6C05C309FB8AD1C7D2491BEA573094D
                                                                    SHA-512:B5BAC00E332D90576D920A22A1E506F39F3FD745BD627BB864B497249F17D189625F45060C14468EF288C13A663D77625F6CAE7D53AA5EF5EE946E077445882A
                                                                    Malicious:false
                                                                    Preview: 0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .(.xc../....."#.D....}..A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......Q..b........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .<..d../....."#.D....}..A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......Q.\........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .e..d../....."#.D.Z..}..A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo.........D........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):214
                                                                    Entropy (8bit):5.53530636662749
                                                                    Encrypted:false
                                                                    SSDEEP:6:m4fPYOFLvEWdtu8tOJby0zBUKSAA1TK6tBs:pRFkbeI
                                                                    MD5:3054C50F0D9214E96D7D44079E009EEA
                                                                    SHA1:0A98A2C7FD3571A3AFAC1A49D033F29B860F5316
                                                                    SHA-256:E930CDB60EA2523C4B10D54064A3B870A627310F5A38E15F87B7A318EBC63857
                                                                    SHA-512:E9A5BBD824EA5C7AADAD6557D6279E94976CAE15AF02CE4B835320738609D648745D510F51E581CB989CAF3B6B26F82E93ADC6396A35BE3ADC04E055ED7A1A30
                                                                    Malicious:false
                                                                    Preview: 0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js ....e../....."#.D....}..AQ..E.=....=h`t..t..3%A.F$..w..A..Eo...................A..Eo......fx.f........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):531
                                                                    Entropy (8bit):5.580154177603753
                                                                    Encrypted:false
                                                                    SSDEEP:12:KkXxKMSCvBtUlNkXxKMSCvsctUlRokXxKMSCvWlMZtUlS:KkXxiCZWNkXxiCEcWekXxiCquW
                                                                    MD5:F2480C0653F3EAA1309E3615D84DD28F
                                                                    SHA1:5CC3737CD68F9C439F750E55B6CADA21F77DB4E4
                                                                    SHA-256:B966D770D56FF549329843BF2782543240A8F4253B1E1DB8B4D177948B587E45
                                                                    SHA-512:FDA6631288B9AF047A605694CC467287B8C469D53C4E9C26DDE525315748B050E39E3AA589197FAF2F6C8427A3EF996250F30427B9EC9481E8277370CC0397B3
                                                                    Malicious:false
                                                                    Preview: 0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ...xc../....."#.D.t..}..A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo......j..........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ...d../....."#.D....}..A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo........;)........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .R..d../....."#.DsI..}..A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo..................
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):561
                                                                    Entropy (8bit):5.626508580379242
                                                                    Encrypted:false
                                                                    SSDEEP:12:5h6OLMPkXknllbh6OL1zaXk7Xzh6OL5Xk5:5h6pPPjh6y7jh6P5
                                                                    MD5:A9E966F464927532A7E940A42060F2F0
                                                                    SHA1:5009D046BF73654A2FA11D7703C42E3263670BC4
                                                                    SHA-256:D1F950D702199CB2C7EA269912017EDF2F891256325FDBB219BE7ABAA9332D92
                                                                    SHA-512:56D66C732FAB88263265DB87301F9DF58F1ABC0978489B4832AE77DB243301CBFA68B9DFC3710FFD55A8C71DF5630578854709F5326C40B1EDD1E3F8EAC993CB
                                                                    Malicious:false
                                                                    Preview: 0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ....c../....."#.Dn4-.}..A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo..................0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .`A.d../....."#.D.'..}..A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo.......L*M........0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ...e../....."#.D..k.}..A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo........K2........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):488
                                                                    Entropy (8bit):5.608821254466559
                                                                    Encrypted:false
                                                                    SSDEEP:12:URVFAFjVFAFNX1KwSeKaTLnLRVFAFjVFAFZ7KwSeKaTLnE:UB4v4NX1KwzXLnLB4v4Z7KwzXLnE
                                                                    MD5:77E1A1F39939F99C1F9724F453B62F3B
                                                                    SHA1:EA1819ED200C59722D4DBDBE4F59CC3BD1280B21
                                                                    SHA-256:12931D0C38A62153AB421A9DACDAAED2908324E2E87915E5C03D0C17006D0764
                                                                    SHA-512:6B4B6C57A4B19C9A8D46212113D86FF6DFB4FD296BF69632189213D0208545078B6AEB05F96F15E8B60BB9637D8FBFCD3359BEE1F8BD92E202EE60207CA3E8E2
                                                                    Malicious:false
                                                                    Preview: 0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .x..d../....."#.Dp.l.}..A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo.......h..........0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ...e../....."#.D....}..A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo.......z5i........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):211
                                                                    Entropy (8bit):5.517245253915342
                                                                    Encrypted:false
                                                                    SSDEEP:6:ms2VYOFLvEWdvBIEGdeXu17ar711TK6tM:BsR2EsesaV
                                                                    MD5:2C18C2FAF31F872A32A02A9CE94AD86D
                                                                    SHA1:164FD96CB7B8941A294731216E4E89BFB180BA17
                                                                    SHA-256:7FF8A90534E5C39F5D619914B8584AB3B9F0CD3296B44F50F7DF48E78050B15B
                                                                    SHA-512:79B3425CC47C7F9D81308E55831A2D77CD224EAE61DE4FC6DAA51B4EFA493A7213EED51E466BB3A3030CDF9629360010F445E404640111ACFE10578AB5A137A8
                                                                    Malicious:false
                                                                    Preview: 0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ....e../....."#.D`..}..A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo.......4.r........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):404
                                                                    Entropy (8bit):5.699449059544294
                                                                    Encrypted:false
                                                                    SSDEEP:6:maVYOFLvEWdwAPCQ7C7YgB7OhKlvA1TK6t1l2aVYOFLvEWdwAPCQD5DB7OhKlvA5:RbR16yC8gBJkTXbR16QBJk
                                                                    MD5:D4F5FA546BF9208B54702F96838D9900
                                                                    SHA1:D27DEA2706A17FA17CDC33E620F4790A46E5E8FE
                                                                    SHA-256:F5F2D7E467338A012AFF6336098CF47B74E489588CCDAECF329A9110166C2B06
                                                                    SHA-512:CE837A801D5DF04279F74A604D49E4AEEDEC26C840D52530123EC23E6AC317DD84A7CD2C97AD5253B26BC157DF69E9045652A87F0F83959F8078265914DA1784
                                                                    Malicious:false
                                                                    Preview: 0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ..<.c../....."#.DF...}..A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo......6.=.........0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js .>..e../....."#.D.Q|.}..A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo........O.........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):211
                                                                    Entropy (8bit):5.576440633041756
                                                                    Encrypted:false
                                                                    SSDEEP:6:ms2gEYOFLvEWdGQRQVuB9AV+wQdFt1TK6t2:B2geRHRQZ+w0U
                                                                    MD5:47A9BD5A8470ECDC081700E5DCDEE20C
                                                                    SHA1:0A3E03C5B4F12E2986463994F16E0872377F3B4B
                                                                    SHA-256:2ADB64505A44482EE25C5BB047B977BC2B1B018F4FE0497E497E653EDC62E9D7
                                                                    SHA-512:B7FDBA005DAC0FA52B2C998C3349F61243C0A66F252A7A4DF0AF7AE39AC33F82C5BEC30EE9B50EB3CF70D6CD4E78CBCF3495BEAA744054440938031866AB28A7
                                                                    Malicious:false
                                                                    Preview: 0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ....e../....."#.Dt..}..A@..{o]...9o|..qY....T....{..u.b..A..Eo...................A..Eo..................
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):618
                                                                    Entropy (8bit):5.634956852081144
                                                                    Encrypted:false
                                                                    SSDEEP:12:WyeRl0Vrt1wcXEyeRldRCGt1wHyeRladLI+t1w:WJMVrfw9JTbfwHJClXfw
                                                                    MD5:AEE6B2AAA98093A52D0AE8EAA0DDD6E6
                                                                    SHA1:F50D6A9D27349ED7151A7BB0BAE6EC6A39614E6F
                                                                    SHA-256:15883A25BF79DC5768734835DA30403B0E7FE8A3AA209D74784270FF9BEFD9CE
                                                                    SHA-512:2BA08B84AA178EF75F288BAFA05C2E6C8A4E133BF0057F3824F28F538023F2982AFB6CF392E223188521C9A94C6FE8A1887D0F2C636059ED84488CADFAF33263
                                                                    Malicious:false
                                                                    Preview: 0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .o..c../....."#.D].?.}..A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo..................0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .<m.d../....."#.D..7.}..A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo.................0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ....e../....."#.D.tr.}..A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo........u.........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):436
                                                                    Entropy (8bit):5.60081725599829
                                                                    Encrypted:false
                                                                    SSDEEP:6:mnYOFLvEWdhwyuK76fqwK+41TK6tsnYOFLvEWdhwyuwE/HqwK+41TK6th9l:wRh3DwK+EARhlE/KwK+EN
                                                                    MD5:81F4BA62A92C64CB2F0ADFDD389A3EAA
                                                                    SHA1:B9468F7F335C5A87559171BB0F524CFFB40D2C21
                                                                    SHA-256:88B178C3CC0673421DEA621ECBF2CB98F7687FEAA0598E3B843646500F779EBE
                                                                    SHA-512:A6A9E167A1CDEF0BF444FB2CCF19680AC63E2D14CD72EDFBC0B628910BC6722F4A6FF72E09645B917CDB9B19CFC45A14DD04F0D39DF438EF16F49926C5578118
                                                                    Malicious:false
                                                                    Preview: 0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ...c../....."#.D.)..}..A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo..................0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js .R..e../....."#.D..|.}..A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo..................
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):690
                                                                    Entropy (8bit):5.618548807587769
                                                                    Encrypted:false
                                                                    SSDEEP:12:/RrROk/bfLEoRrROk/fkfLEVlRrROk/2bfLEZt:/PJ/b4oPJ/s4vPJ/2b4Z
                                                                    MD5:210C0903DB0271EFADB7C0F475284D58
                                                                    SHA1:81BAB086E71B6577EE23B712A99CE354EE6B7DF6
                                                                    SHA-256:0F93FE77F91A274D4A16D224961FEF5D31307B0BE540CB756A998C3632EA1B22
                                                                    SHA-512:CF6068770F929E28712BA149D90AD83AB10558F68DDE677C2000A46763CF3AEBCBD4CA425C675921FA10A1EF7DF7328D4A881C41265AFAF8C689020F47D300E2
                                                                    Malicious:false
                                                                    Preview: 0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ....c../....."#.D.j?.}..A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......n.C.........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ..j.d../....."#.D..7.}..A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......P..8........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ...e../....."#.D.Ar.}..A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......J.kL........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):558
                                                                    Entropy (8bit):5.650572764334854
                                                                    Encrypted:false
                                                                    SSDEEP:6:mmDEYOFLvEWXIZ+J1QPLr1TK6tf2/MmDEYOFLvEWXImKYY91QPLr1TK6tWmDEYOQ:xqTTCPLnd2/jqT5LY9CPLn7qTZCPLn
                                                                    MD5:558B17C79F5F202C30C28867B2A48A06
                                                                    SHA1:0D49CE4D77D4ABA27125E0C63A2A7F8DFBE9382F
                                                                    SHA-256:7B598857385C7BE837C3DA730CDE12CAD12F43EBC4049AF18564D560FE81EAAC
                                                                    SHA-512:3C4DDE1EB5DCF5DF7A0993077A8BE6859C0C7C37CB204D004D9D9E1F30895074607D4065B2EBA53D335A15CB6AC7EB5B4E489D11BF5B03BD92D7A2596DE48D4F
                                                                    Malicious:false
                                                                    Preview: 0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ....c../....."#.D^*-.}..A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo.................0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..$.d../....."#.D.;..}..A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......!..9........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .(..e../....."#.D.bk.}..A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......Gj..........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):414
                                                                    Entropy (8bit):5.652109013253798
                                                                    Encrypted:false
                                                                    SSDEEP:6:m52YOFLvEWdMAuxeYLsEJ41TK6t1lE52YOFLvEWdMAuC1/69gRLsEJ41TK6tL:zRMje2sDD7RMEWgZsD
                                                                    MD5:5296C7C2EB1F96A290B86940584700F7
                                                                    SHA1:2AA01EE4DED2F30BFDFD897BD4BEE9F2ACBDED55
                                                                    SHA-256:D8D2AB16F4CB4E49AE11173B9A9B4D573DBB5BFDED526F9EFB72D90FF9F8BF8C
                                                                    SHA-512:1CDAFD57ED2D00D8D8F33DB693D323DCB37478784373414077679853D432486639D779CEE2EB99FA9C91ADFEEB40AACFD5C797A94948BA8792D36C8D1135F5A1
                                                                    Malicious:false
                                                                    Preview: 0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ....d../....."#.D[}_.}..A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo..................0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..&.e../....."#.D.!..}..A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo.......*.y........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):420
                                                                    Entropy (8bit):5.590023466374724
                                                                    Encrypted:false
                                                                    SSDEEP:6:mYilPYOFLvEWd8CAdAu83GTFong1TK6tU2YilPYOFLvEWd8CAdAugf6u2Fong1TN:6lJR13+FoMuqlJRpf2FoM
                                                                    MD5:F4D43DCEC0BC8D811F204DDBBA5C10AE
                                                                    SHA1:DE0ACA05F212DF003C42F755B61D5EE41B590763
                                                                    SHA-256:AF04D1F0DE660CE12D38BBB12D06F17E68681641D0BE96B072934DF0802DD089
                                                                    SHA-512:3D1E96099BE2FD6347953A16B6F4AA0FF25A990804BDD1BFA156D0F76E274E4DFAD7D2A6CC95BC5528C0A96DC4F4D549B61CACFA2E25B76D4A3B796D2CBF6411
                                                                    Malicious:false
                                                                    Preview: 0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .hY.d../....."#.DI._.}..Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo.......a.6........0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ..(.e../....."#.D@..}..Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo......\..#........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):669
                                                                    Entropy (8bit):5.626694677057681
                                                                    Encrypted:false
                                                                    SSDEEP:12:F8hRrROk/U/e2n8hRrROk/oQ/e2v8hRrROk/s/e2:UPJ/UW2SPJ/y2aPJ/J2
                                                                    MD5:CC761934C9D3A46F16A9B4BA66B39A88
                                                                    SHA1:5126F881CAC2383A491914CD6970EDC238E4FCE0
                                                                    SHA-256:DDC5C596B121F63DA80BD16559D8A58525D4E613E20C3D5A27B97C92F7CE20FB
                                                                    SHA-512:0629A16D4AE28152B0A8A4C9D7203E2F430FC908DE97FE4B169967CCFE9562095C2DF66F832A8ACAB89BCDA000E4885D4F64C517D76FB0AC3913458DD3AE7601
                                                                    Malicious:false
                                                                    Preview: 0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ....c../....."#.D.Z?.}..A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.......}D.........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..f.d../....."#.DYR6.}..A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo......W.~.........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ...e../....."#.D&.r.}..A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.......;.}........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):639
                                                                    Entropy (8bit):5.6686759578231705
                                                                    Encrypted:false
                                                                    SSDEEP:12:ehRcOYYKrNJICQuhRcnMuKrNJIC/hRc3yKrNJICZ:ehWJICRh2OJIC/hqtJICZ
                                                                    MD5:4529B646484F57F5CD61547150B1840C
                                                                    SHA1:0F8739686E9F7F67C53756DB17BDE7FF2E21B9AA
                                                                    SHA-256:8CD8935BDE6CDED4FF6A126FF4EA8D0EC91E2AC22C011EF81993D5B8C2B33BCD
                                                                    SHA-512:BADF31C2383A727F1345D4F0E9D25DD983CDEBBA6FB9ADC2274F7E82F8BCCD37C15EFC3095DF7508618D4F3BAD97BC1D2CDB1684FCAA3563A44855F9CC65C6A4
                                                                    Malicious:false
                                                                    Preview: 0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ..c../....."#.D".?.}..A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo......K..c........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ....d../....."#.D..9.}..A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo......Y.2r........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ....e../....."#.D0.r.}..A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo.......1nq........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):624
                                                                    Entropy (8bit):5.602080414712542
                                                                    Encrypted:false
                                                                    SSDEEP:6:mOEYOFLvEWdrIhuAMBbLzgm2d/1TK6tBHlEOEYOFLvEWdrIhu5V7tTLzgm2d/1Tu:0RJRefcRLRefRuaaReK/
                                                                    MD5:F7E67F2AF494C5165744F42789FF92C1
                                                                    SHA1:AF1EF39422124AF7C6E09E58AE94A355EB927800
                                                                    SHA-256:13D465FB4ED038B018AD438573F0F1CFC1CB66C239480E856950FCDBA9415F59
                                                                    SHA-512:DC664830F2879918AABB60CE4226F9D14373DC269561B1C5C29CF5B168BB82C7C46F9C19C33E5AD62B2D36B4232FF75D9EE5C08E02598D227E220F105B70326B
                                                                    Malicious:false
                                                                    Preview: 0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ...c../....."#.D` ?.}..AZ.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo...................A..Eo.......]K.........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .._.d../....."#.D..5.}..AZ.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo...................A..Eo......wNn0........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .5n.e../....."#.D>.q.}..AZ.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo...................A..Eo......-.C{........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):564
                                                                    Entropy (8bit):5.644902289497962
                                                                    Encrypted:false
                                                                    SSDEEP:6:mAElVYOFLvEW1KkcRkx56uvp1TK6t3bAElVYOFLvEW1KtvfuOkx56uvp1TK6t72R:6JJK29zJJKtCtKJJK2
                                                                    MD5:1360ED030EB41D7E9A4D0403CB5C9026
                                                                    SHA1:627FB363455E84D0BBFDE0AD8BC01E598D332756
                                                                    SHA-256:80E4E7F4D4E980204EB044F01CFD375AE60D6278A81A7FC7F718542C119ED989
                                                                    SHA-512:1BAE08433CD1C969C0D5F2DE2A12D9B2DE80EB286CAB71BFF3B2C4F77359ADD78D58E7B3BAE455ED36B74C349EF5125A2D5897A2A9512BC0E89382FF3FCC3768
                                                                    Malicious:false
                                                                    Preview: 0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .tT|c../....."#.DS!..}..Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo......q..S........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ....d../....."#.D.F..}..Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.........v........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..U.d../....."#.D....}..Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo......M..........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):214
                                                                    Entropy (8bit):5.634408244306225
                                                                    Encrypted:false
                                                                    SSDEEP:6:mWYOFLvEWdBJvvuNw+TYrhUDLYtmOZn1TK6tz:xRBJB+1DcFZLZ
                                                                    MD5:E8CDF9583F1AFE42A0F9FFB827B85633
                                                                    SHA1:59F84523D3AA98D5AB80943AEE7F58BA31734791
                                                                    SHA-256:7F4897F517E1AC7FCFFA627BD1487974D576E490E8F4F92B236F332F39A160A1
                                                                    SHA-512:DD5285556B583ED3E6980FBCC0270140B7BB3FD29BAF082669CC37E147DA4857ECF08736A107C261D4B16FC61D6DEEEC1FBFAE2DD89E047EBD3CEDA10E01F5F4
                                                                    Malicious:false
                                                                    Preview: 0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js .l..e../....."#.D.f..}..A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo..................
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):633
                                                                    Entropy (8bit):5.661586273413686
                                                                    Encrypted:false
                                                                    SSDEEP:6:msRPYOFLvEWIa7zp7dMUuHVPu1TK6t8H/2sRPYOFLvEWIa7zp73Li3VPu1TK6t1e:BPHbuHciRPHw3cr/TPHNc
                                                                    MD5:8A7EE643C595070E3973A40D5344F124
                                                                    SHA1:CA7A8EB9E16A7805FC65200EFD497E63E0DF31F8
                                                                    SHA-256:B16E0F0816FD80EF68FA7519B71BF0FDE8B1ABFC203DED5CF3B60B3C69B0EFD4
                                                                    SHA-512:43486C059476E3815A4E6C8F64D1D4D0F7FCF6F40CD9DADE65846C726FD6576CED0326E54D071C1A0271F38873D7B806725808C6E74CE9FD0EF4833FBA125263
                                                                    Malicious:false
                                                                    Preview: 0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ...xc../....."#.D....}..A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo........*........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ....d../....."#.D....}..A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo......0...........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js .T'.d../....."#.Dv...}..A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo..................
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):416
                                                                    Entropy (8bit):5.628880021171907
                                                                    Encrypted:false
                                                                    SSDEEP:6:mKPYOFLvEWdENU9QP+/kdiM3Y1TK6tj4KPYOFLvEWdENU9QPoeiM3Y1TK6tl:bJRT9Er0jJRT9her0
                                                                    MD5:2CDEA9EDDF685890CF0C9936F907A309
                                                                    SHA1:1C158327258A02FB5EE9E2B5D1AA1507A393F637
                                                                    SHA-256:F8A385C4CA88EBFE39B515E982FD68D8AE32186E1D28E41FCE397C7ECADD81F2
                                                                    SHA-512:C54DA7EAAC7A2003F7C517ABDF42CD300EE550902BA874E3236396C0329CB98017C0B16EAB5622912611200D528D60B5885123A0F3AF9C7F1174BD5DFE8E679A
                                                                    Malicious:false
                                                                    Preview: 0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ..G.c../....."#.D~7..}..A...M....m+lS..e.....<7.U.P8*.0K.A..Eo...................A..Eo..................0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js .>..e../....."#.DC...}..A...M....m+lS..e.....<7.U.P8*.0K.A..Eo...................A..Eo........o........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):208
                                                                    Entropy (8bit):5.598313001026561
                                                                    Encrypted:false
                                                                    SSDEEP:6:mQt6EYOFLvEWdccAHQMejBRCh/41TK6t:XRc9heDi/E
                                                                    MD5:5175DC9625B92F5C9E6743637F572617
                                                                    SHA1:6EE08C5E5085961C493E300A143BB82B75515EF3
                                                                    SHA-256:5C5DBB2EBFEDEFA2C061605410FDC3C3DCD034778E81296FEB2B0835B7B409EE
                                                                    SHA-512:0C2CD010E3E38654AA615D65B46FFBA18ABE364524D08BB9A49C6C57F05E7EDB843A3BADF376AB64AADB1449E3516C8653D8EA176E76C1244876634568F257B0
                                                                    Malicious:false
                                                                    Preview: 0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ..!.e../....."#.Dn2..}..APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo.................
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):231
                                                                    Entropy (8bit):5.597387515364961
                                                                    Encrypted:false
                                                                    SSDEEP:6:mqs6XYOFLvEWdFCi5mhu9ZBsULlF4r1TK6tEt:bs6xRkihBjLlF4nK
                                                                    MD5:2B101FCC0B03A840A851514BF4AAC730
                                                                    SHA1:A82F3E047EDCE315951F4BF83BC9B0B995315722
                                                                    SHA-256:090F518BE90CDEC2993155FD7102B1676E6A0F28CC72ABA7020798B62DEE6214
                                                                    SHA-512:23FDEBC77223118B47BE8C857731D77058C78EAF0EBAE76629D606D6A05030347E0B2C9C33C511E1416CD804662151EF910B81D06E99A6331A499BEEF19FA47E
                                                                    Malicious:false
                                                                    Preview: 0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ....d../....."#.D.=>.}..A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo......A...........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):215
                                                                    Entropy (8bit):5.510193093765166
                                                                    Encrypted:false
                                                                    SSDEEP:3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvjVOll97WkCh4cu1isLK5m1TK5ka:mhYOFLvEWd/aFuRs/JWkw941TK6tb
                                                                    MD5:A7A3473904C17FF405DFA83EEFACAE33
                                                                    SHA1:9EBFD0AEEA2640E480C549D5ECBEF3C1CEE17637
                                                                    SHA-256:9296D15378ABABDDB548A74904CCAFCE32D25C5EF884A166B13127B6E9E59942
                                                                    SHA-512:C5ED6006425F93E95E6122A2FBC65ABC7483ACD3F2DDC498F243CBC579D514CCD3CCDD30600B05D2377F917C0FCC8738F4C25921582E9F5F7EFF944F911AEC08
                                                                    Malicious:false
                                                                    Preview: 0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js .M/.e../....."#.D...}..A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo.......F]\........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):208
                                                                    Entropy (8bit):5.546628777696436
                                                                    Encrypted:false
                                                                    SSDEEP:6:mR9YOFLvEWd7VIGXOdQ3PsEK9vBoBMqVd3G4K41TK6t8:2DRuRWsRqB9Vd2kK
                                                                    MD5:914E0D686BD9ACB3B1830F380DB1DB44
                                                                    SHA1:534B76444CA16FFF79E8E7CABCA339077E18C1B3
                                                                    SHA-256:B11BF98D919D6A6642D04F86408F89650F55B48602A78DC221595D1A920499EC
                                                                    SHA-512:A8003BAA3E0866EEB13399B96F359E58C58DB21E6C187465C1E43C9A49A2553F490075C43012DA7CC4ED97DFC880C6C289E9CC869A3A49B351DDCB277850F13E
                                                                    Malicious:false
                                                                    Preview: 0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js ....e../....."#.D....}..A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo.......h..........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):416
                                                                    Entropy (8bit):5.631672506964255
                                                                    Encrypted:false
                                                                    SSDEEP:6:mkqYOFLvEWd8CAd9QmzJuuA424r1TK6tNc+kqYOFLvEWd8CAd9QbvAuA424r1TKf:+RQHFhrn1RQ0Lrn
                                                                    MD5:FDDDFB7143F8543BA91427259306B308
                                                                    SHA1:11704427F6F810F4E18B2D238BEF8B94D6A80720
                                                                    SHA-256:B1125785B900F84CCB70C0786F199FDCD844E46AB2A2446191004D857B258F2E
                                                                    SHA-512:23AB0AB06DB2C240C8159E1D4F5896941A66B45BF0CE92564F206F875C1C69703ECFEDD495CF09833B7E6A5DF2AAE3F354FF39F5C63EF2B5739CD579E5EAAE9E
                                                                    Malicious:false
                                                                    Preview: 0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .)..d../....."#.D..f.}..A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo......&t2)........0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .|..e../....."#.D....}..A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo.......%im........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):420
                                                                    Entropy (8bit):5.59091400681664
                                                                    Encrypted:false
                                                                    SSDEEP:6:moXXYOFLvEWdENUAu6FshuyC8n1TK6tDoXXYOFLvEWdENUAuCGBRuyC8n1TK6t6:xhRTAK47Q+hRTLy7Q
                                                                    MD5:52395AA152A88FF64B167CD4DBFF1272
                                                                    SHA1:B570D305E1DC97453D1C62AB65FC50F1F9C87696
                                                                    SHA-256:ADD405A501282244A648C87886773586538B0F6153C4E7BE47B5AE2564501687
                                                                    SHA-512:D08DF2126C90402375D92A78FA708DA76AE7CECAF1785B6333FE609BC150F48F9583E31416974D89E4347F44759723CB73921DDFF57EFD28526919F20893A1F1
                                                                    Malicious:false
                                                                    Preview: 0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js ....c../....."#.D....}..A8.../...;.\\o....1..........+..A..Eo...................A..Eo..................0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js .~..e../....."#.D..{.}..A8.../...;.\\o....1..........+..A..Eo...................A..Eo......,[..........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):663
                                                                    Entropy (8bit):5.651804710472189
                                                                    Encrypted:false
                                                                    SSDEEP:12:nRrROk/Vqm9RrROk/VW17mTRrROk/V5hmp:nPJ/F9PJ/RTPJ/vc
                                                                    MD5:F49911849822EA4151587484167735DE
                                                                    SHA1:CA3D270D927BCC6C1E3A748620F7B75103AB90F4
                                                                    SHA-256:508FEFF22C81B66CEAFBDB2CFD31C0E56FF338318AC80C05E354FAD3CA9549ED
                                                                    SHA-512:65A3BF6795655ECA903C9B347F9A83839BE961636EE8B75198B23D6D258EDAAC497ECC1ABA349B5910E48C6378445E5FBE99DE8014D800D82D2E58A7E1F18009
                                                                    Malicious:false
                                                                    Preview: 0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ...c../....."#.D*.@.}..A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo......u[.'........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .3..d../....."#.D..9.}..A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo........j]........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ....e../....."#.D.Fs.}..A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo......wy..........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):210
                                                                    Entropy (8bit):5.577483888032937
                                                                    Encrypted:false
                                                                    SSDEEP:6:mZ/lXYOFLvEWdccAWuV2G+Adm9741TK6t:qxRcmG+Adu7E
                                                                    MD5:F522FFA05EA35FF1B4CBCD903DAC2BDB
                                                                    SHA1:643B24D5ABE94D0B6A42B54D2CA49AD12E7A3A50
                                                                    SHA-256:6D6710247A7FBE38C514AFD9F7EAAE24E1D613C0A89820F6109EE4C253A0CDD6
                                                                    SHA-512:BE05C960AF0A8566AFA2B3671C7968FF66B4AE41D899FE8BFFEC88B420CCBAFC9BD14B86EA093833CB426342CEB83F51FEE85BEE6655666D86BBE95B9CA276DB
                                                                    Malicious:false
                                                                    Preview: 0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ....e../....."#.DNF..}..A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo........Rb........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):408
                                                                    Entropy (8bit):5.605887307116873
                                                                    Encrypted:false
                                                                    SSDEEP:6:mMOYOFLvEWdwAPVuRGV8tJn1TK6t0MOYOFLvEWdwAPVuOrw3KrJn1TK6t:2R1aL+R1maNL
                                                                    MD5:7773E96C907BD12CDDAE69D444841A56
                                                                    SHA1:6F6432183DF77A89166294F6FFBFB17BEFBA9C4B
                                                                    SHA-256:9D035492206E83C0F4D5FFF590B90A4675D9522E1C1E77F6632983543F1F4F9F
                                                                    SHA-512:65F7D5086103AEE0272F14205DB57CC955D2C9151B3FEC1323FC6425A53E71F7DFA86DD93339262DCA4B8348E013309EE6F12CB2ADB9196BC0B41652FC1793B9
                                                                    Malicious:false
                                                                    Preview: 0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ..~.c../....."#.D}...}..A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo......F.@P........0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ....e../....."#.D..{.}..A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo.................
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):212
                                                                    Entropy (8bit):5.652888836297569
                                                                    Encrypted:false
                                                                    SSDEEP:6:m3PXYOFLvEWdBJvYQEkzhcsBXIh1TK6tK3:mxRBJQlkDB0U3
                                                                    MD5:80EE5A11795A3926B01D5C40FA3D57B8
                                                                    SHA1:624D7F927710C17EC8C73F2266F058D257F89600
                                                                    SHA-256:575703F8BA04525D738C2CA481AC9A5EE36295E9CA637D9FAC703DC4ADF23EE5
                                                                    SHA-512:FFA57751BA84E1ADD3B30748A4B62635AF48DD5C79E9758636104CC794C36FC389B67614C2B641866AE9A7A8ADCBCAB8D8B985346098AEC60442C0A34F02327C
                                                                    Malicious:false
                                                                    Preview: 0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ..'.e../....."#.D...}..A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo.......Od.........
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):684
                                                                    Entropy (8bit):5.618754248784891
                                                                    Encrypted:false
                                                                    SSDEEP:12:3RrROk/sUc1VRrROk/sSUOlcSfRrROk/sCc:3PJ/i1VPJ/5UOOKPJ/g
                                                                    MD5:04995E73965256B7CFD17553669C8646
                                                                    SHA1:D125CCCC5E5599946C52E6B6A75CF11A14A6C5FC
                                                                    SHA-256:3487D4829B76D2F9B083704ADABBCC4D8BE0FAD8C297F046A886D54F260BA996
                                                                    SHA-512:8FDFD84CFF7DA0B71CBF563290D380EB804E47DD4278A8D212D404D06909388F268FAFD0879C9389EDE8E6D799A4FE2C1E20AF0EA32D7AF840D4FE2572A0016C
                                                                    Malicious:false
                                                                    Preview: 0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ...c../....."#.D..J.}..A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo......p?`.........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ...d../....."#.D.=.}..A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo......4Z..........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .%..e../....."#.D*.t.}..A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo..................
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:Maple help database
                                                                    Category:modified
                                                                    Size (bytes):1032
                                                                    Entropy (8bit):5.179247511723185
                                                                    Encrypted:false
                                                                    SSDEEP:12:oKAiUTurjBQCXzGsEMzo0jLCrRSzK2lgEyP5RKXPKTYds5t5wOZhPfAYyQV/aP0v:/AiZQ+EM85Y1s0qnWVTE
                                                                    MD5:066C0D70DCB106364C2D5DD5C24782B4
                                                                    SHA1:D90DA5F46173F366DCBEE8C09C1DBF859F04002D
                                                                    SHA-256:9995321A05453997BF3FCA85F28A8B4D6C78EFB4C8F4931CBCE2258509DB9A9F
                                                                    SHA-512:63C676A9081CB0A61AC643467AC2E3EE4C8C7816AEA65139F050798975B57131F7C169C857E6507937659498B0764E241AC17C76C4BF2A1F6C12CA60DB026495
                                                                    Malicious:false
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:ASCII text
                                                                    Category:dropped
                                                                    Size (bytes):292
                                                                    Entropy (8bit):5.209469564805215
                                                                    Encrypted:false
                                                                    SSDEEP:6:m5HQQtxq2Pwkn2nKuAl9OmbnIFUtpOHQEZZmwPOHQrkwOwkn2nKuAl9OmbjLJ:sxvYfHAahFUtpIZ/PP5JfHAaSJ
                                                                    MD5:9B95E8C6DA4D97F43A545F653BC7AB18
                                                                    SHA1:51E009CC57102084679A7A366839235997F3282A
                                                                    SHA-256:FF5A6660584D924E180A8EFAD126D32029C987B23286CB470112932BB87D93FD
                                                                    SHA-512:4640BA0C88200C230A0B34470FC206DA91A1FF1E1C5D9F796224B8C460BCFCA3A6647F783C3D0801C59FDCEB3A86D4204E7DB09B6566635F1B50C45D47D7BC35
                                                                    Malicious:false
                                                                    Preview: 2021/04/19-23:35:16.329 19d0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2021/04/19-23:35:16.331 19d0 Recovering log #3.2021/04/19-23:35:16.332 19d0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):1179648
                                                                    Entropy (8bit):0.007863516772008226
                                                                    Encrypted:false
                                                                    SSDEEP:12:I+mmTsx+mmTsxlNTpyxlNTpyxlNTpyxlNTpyxlNTpyxHHyTpyxHHyTpy:TmbsmbPXyPXyPXyPXyPXytHwytHwy
                                                                    MD5:E8A2C68FF2C0A772EB15E14633A5E561
                                                                    SHA1:51AC9E0AAF455E41755EF7457E2E797D49392C2D
                                                                    SHA-256:47EF7E4764B0FDA058538453FFA3E607D9A56DB673B5A7530897C8A928006917
                                                                    SHA-512:C5270BD7438EC7051195E7A875030066650BD3AB4E4CBC4FC216274452C9CFA2810E84CB1F2C6BBD1FF4DABA200948D1C551DC1B6A4199CB1AD3306D6BAC0DBA
                                                                    Malicious:false
                                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-210419213512Z-253.bmp
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32
                                                                    Category:dropped
                                                                    Size (bytes):71190
                                                                    Entropy (8bit):2.129534121089013
                                                                    Encrypted:false
                                                                    SSDEEP:384:yAajHZ3rGPPj+NfNURyXIPVay5s/vk7zu3lSB4D:yAajH16j+NfeyQAx/A8
                                                                    MD5:89A824A3AE1230F111F6D1B5A20366BF
                                                                    SHA1:E42138931346928165C20E55EA04E75D2545D6B2
                                                                    SHA-256:FF51B5A89BF04B6B9AD12BCC0ADFFF8F7DEDB9C2BAC7F63F5C80B99B58058C45
                                                                    SHA-512:57356F68F3ACA15D880E7F0D2D256C793CD503D010B82C4927406796652DAFC8FE9DFB2C2A05B2BFA28368480A9D8AEBDBAF8A1C192378C91973A84518D78F45
                                                                    Malicious:false
                                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3024000
                                                                    Category:dropped
                                                                    Size (bytes):32768
                                                                    Entropy (8bit):3.448987636863058
                                                                    Encrypted:false
                                                                    SSDEEP:96:k49IVXEBodRBkWCgOOh1CKb849IVXEBodRBkWCgo0Oh1CKbM49IVXEBodRBkWCgP:HedRBtedRBiedRBDedRBa
                                                                    MD5:CF3353095F890AB5C03D9DB09E08096C
                                                                    SHA1:175D0CBB716E5DB1809774DC5CEAA8A36C623DCF
                                                                    SHA-256:AEF4688A6D4B328F6C5E56A3DC227ADF72601943C760259303C1C81BE98D2AD4
                                                                    SHA-512:FCAE785A3B1BFCECE7CBD954B59A94C47AFCE3A78988842FD56620FE348EA271C13E75BAFE427F24EBA0956E3DE8DD3AF874C34BC7E883D8DE04F4F4738C30C1
                                                                    Malicious:false
                                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                    File Type:data
                                                                    Category:modified
                                                                    Size (bytes):34928
                                                                    Entropy (8bit):3.315033238634569
                                                                    Encrypted:false
                                                                    SSDEEP:96:iCgOOhZCP+949IVXEBodRBkiCgOOh1CKb4t49IVXEBodRBkBCgo0Oh1CKbWd49If:MiedRBSSedRBGCedRBiyedRBw
                                                                    MD5:FE3E158F2E8B20826B751C36432AF410
                                                                    SHA1:CC37D7075B68FED726542D4A1EB05F4CD3C09FC3
                                                                    SHA-256:C88FA4AE163C635D3AF9EDDE1573E045E0796B9B6D1CDF3510C2BB31DF6B74F0
                                                                    SHA-512:303CA744124232BBD0AAF2537BAEE87CFA269A7991AE644F941ABE1BFFE2C353390C9F3D5914FC6A4E3F052F84452F6CB003DBCE4C1F7D2D1CF9BE8BDE1A33F0
                                                                    Malicious:false
                                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.7012
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                    File Type:PostScript document text
                                                                    Category:dropped
                                                                    Size (bytes):157979
                                                                    Entropy (8bit):5.174259815365338
                                                                    Encrypted:false
                                                                    SSDEEP:1536:amNTjRlaRlQShhp2VpMKRhWa11quVJzlzofqG9Z0ADWp1ttawvayKLWbVG3++:RNj3aRlQShhp2VpMKRhWa11quVJX+
                                                                    MD5:159ACCAFBA209FBC642499809CE2B513
                                                                    SHA1:6D94F57B63CE3BE71EDFB081ECB848B7D06EB2BE
                                                                    SHA-256:ACE286E29DFDB19080E514F3447F46E0E4ED658263AC209A9B4BBCECC36139D3
                                                                    SHA-512:E02BD1B88C1188CBBD4D6C1F5B31A44A278B213D991C6E9B9B06C620D66B1290DFBDF6D7BF92082D51A146C8AF772DAA659F9C2DC0A416C6BA9BE14B89C6E8B8
                                                                    Malicious:false
                                                                    Preview: %!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Marlett.FamilyName:Marlett.StyleName:Regular.MenuName:Marlett.StyleBits:0.WeightClass:500.WidthClass:5.AngleClass:0.FullName:Marlett.WritingScript:Roman.WinName:Marlett.FileLength:27724.NameArray:0,Win,1,Marlett.NameArray:0,Mac,4,Marlett.NameArray:0,Win,1,Marlett.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:ArialMT.FamilyName:Arial.StyleName:Regular.MenuName:Arial.StyleBits:0.WeightClass:400.WidthClass:5.AngleClass:0.FullName:Arial.WritingScript:Roman.WinName:Arial.FileLength:1036584.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial.NameArray:0,Win,1,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-BoldMT.FamilyName:Arial.StyleName:Bold.MenuName:Arial.StyleBits:2.WeightClass:700.WidthClass:5.AngleClass:0.FullName:Arial Bold.WritingScript:Roman.WinName:Arial Bold.FileLength:980756.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial Bold.NameAr
                                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.7012
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                    File Type:PostScript document text
                                                                    Category:dropped
                                                                    Size (bytes):9566
                                                                    Entropy (8bit):5.226610011802065
                                                                    Encrypted:false
                                                                    SSDEEP:192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV
                                                                    MD5:63B24EA3A13EAC476D6309BB202EF459
                                                                    SHA1:89502C393549C20C933E4553F51F74F3DBE085EF
                                                                    SHA-256:2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
                                                                    SHA-512:2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC
                                                                    Malicious:false
                                                                    Preview: %!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:92588.FileModTime:1426577650.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.
                                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
                                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):63598
                                                                    Entropy (8bit):5.4331110334817385
                                                                    Encrypted:false
                                                                    SSDEEP:768:PCbGNFYGpiyVFiC0Z5DSVRvWA+Gf9QBzxpppgrj8Yyu:J0GpiyVFih5DGRvWA+GfOJTK
                                                                    MD5:06A27097346BCCE40CF3A372D0F1C6CA
                                                                    SHA1:9106BFF35A7FC3E1143B0BB815DD50095CCA1B59
                                                                    SHA-256:DA93E300430694BDB4859F89AAAEE29011D4DFF9FED972460FCAB52DB818E60B
                                                                    SHA-512:45935E059A81260D9D8082D3CE76373C969F2F08106681B26F7003CCC7289881C122C804DAE03BEFDA24A151ADB748BFB62054DF69AB8884AF6713D35F6C42FD
                                                                    Malicious:false
                                                                    Preview: 4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

                                                                    Static File Info

                                                                    General

                                                                    File type:PDF document, version 1.3
                                                                    Entropy (8bit):7.797730453804649
                                                                    TrID:
                                                                    • Adobe Portable Document Format (5005/1) 100.00%
                                                                    File name:2021-04-13 14-41.pdf
                                                                    File size:2803057
                                                                    MD5:9fd274363428a0b7ba826cd0b98de9ba
                                                                    SHA1:8093425eefd39d6797bbfc3ece4379ffcd2ff09d
                                                                    SHA256:cacb0df455e4b597f9099197422e059e8ad21252aa65b96fc15cf1219f6f98ea
                                                                    SHA512:7e0c78510048cd8b127b4c707e08234d58d7c0261dcf166f29785c5ed6745386804d761e100cf6caf0ad10183e96511a276c71cddb1ec467484631f1c46dcee0
                                                                    SSDEEP:49152:3uRVMrZAAAtuKuQaYxNWP2GSuVFn1egSitmBitg6L8Y+a3:4V8QuKuQaaAP2AVFkgHtoyvgY+a3
                                                                    File Content Preview:%PDF-1.3.%.....1 0 obj.<<./Type /Catalog./Pages 2 0 R.>>.endobj.2 0 obj.<<./Type /Pages./Kids [ 5 0 R 10 0 R 15 0 R 20 0 R 25 0 R ]./Count 5.>>.endobj.3 0 obj.<<./Producer (Haru Free PDF Library 2.4.0dev)./CreationDate (D:20210413184131)./ModDate (D:20210

                                                                    File Icon

                                                                    Icon Hash:74ecccdcd4ccccf0

                                                                    Static PDF Info

                                                                    General

                                                                    Header:%PDF-1.3
                                                                    Total Entropy:7.797730
                                                                    Total Bytes:2803057
                                                                    Stream Entropy:7.796921
                                                                    Stream Bytes:2797981
                                                                    Entropy outside Streams:0.000000
                                                                    Bytes outside Streams:5076
                                                                    Number of EOF found:1
                                                                    Bytes after EOF:

                                                                    Keywords Statistics

                                                                    Name            Count
                                                                    obj             29
                                                                    endobj          29
                                                                    stream          10
                                                                    endstream       10
                                                                    xref            1
                                                                    trailer         1
                                                                    startxref       1
                                                                    /Page           5
                                                                    /Encrypt        0
                                                                    /ObjStm         0
                                                                    /URI            0
                                                                    /JS             0
                                                                    /JavaScript     0
                                                                    /AA             0
                                                                    /OpenAction     0
                                                                    /AcroForm       0
                                                                    /JBIG2Decode    0
                                                                    /RichMedia      0
                                                                    /Launch         0
                                                                    /EmbeddedFile   0

                                                                    Image Streams

                                                                    ID   DHASH              MD5
                                                                    8    3038587c7c7c787c   8f275debb89378021ecaae69a668c56d
                                                                    13   597b795878587c5c   47b3a109340ee4641b5c9625e0f9430e
                                                                    18   5c7c7c7c7c7c7858   9df4efae9df1ae04b3384491661d0e30
                                                                    23   3c3c7c7c78787858   49d0b3ac7f07595afa7fcd87ad408611
                                                                    28   3c1c5e587c587879   9c16ca8f5bb2c13bbcc415348a5abca1

                                                                    Network Behavior

                                                                    Network Port Distribution

                                                                    UDP Packets

                                                                    Code Manipulations

                                                                    Statistics

                                                                    CPU Usage

                                                                    Memory Usage

                                                                    High Level Behavior Distribution

                                                                    Behavior

                                                                    System Behavior

                                                                    General

                                                                    Start time:23:35:02
                                                                    Start date:19/04/2021
                                                                    Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\2021-04-13 14-41.pdf'
                                                                    Imagebase:0xde0000
                                                                    File size:2571312 bytes
                                                                    MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:23:35:03
                                                                    Start date:19/04/2021
                                                                    Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\2021-04-13 14-41.pdf'
                                                                    Imagebase:0xde0000
                                                                    File size:2571312 bytes
                                                                    MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:23:35:10
                                                                    Start date:19/04/2021
                                                                    Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
                                                                    Imagebase:0x80000
                                                                    File size:9475120 bytes
                                                                    MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:23:35:12
                                                                    Start date:19/04/2021
                                                                    Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,1034595525322129267,9854198427525276997,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1000436766168472791 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1000436766168472791 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
                                                                    Imagebase:0x80000
                                                                    File size:9475120 bytes
                                                                    MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:23:35:28
                                                                    Start date:19/04/2021
                                                                    Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,1034595525322129267,9854198427525276997,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=16364913901443466544 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
                                                                    Imagebase:0x80000
                                                                    File size:9475120 bytes
                                                                    MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:23:35:30
                                                                    Start date:19/04/2021
                                                                    Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,1034595525322129267,9854198427525276997,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9856507164920163182 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9856507164920163182 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
                                                                    Imagebase:0x80000
                                                                    File size:9475120 bytes
                                                                    MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Start time:23:35:32
                                                                    Start date:19/04/2021
                                                                    Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,1034595525322129267,9854198427525276997,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13249810019276721345 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13249810019276721345 --renderer-client-id=5 --mojo-platform-channel-handle=1972 --allow-no-sandbox-job /prefetch:1
                                                                    Imagebase:0x80000
                                                                    File size:9475120 bytes
                                                                    MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    Disassembly

                                                                    Code Analysis


                                                                      Execution Graph

                                                                      Execution Coverage:13.2%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:1
                                                                      Total number of Limit Nodes:0

                                                                      Graph

                                                                      execution_graph 92 920003 LdrInitializeThunk

                                                                      Callgraph

                                                                      Executed Functions

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 7 920490-92049c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.874893187.0000000000920000.00000020.00000001.sdmp, Offset: 00920000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_920000_AcroRd32.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 7830058f739be9e807bb2883cc68450b3d0ad54f260b5cc72515f8eef6f4d6c7
                                                                      • Instruction ID: dc75ffabba8814b48a17d033f0984fb2a9035d733e297edd9a57b3a039a1f517
                                                                      • Opcode Fuzzy Hash: 7830058f739be9e807bb2883cc68450b3d0ad54f260b5cc72515f8eef6f4d6c7
                                                                      • Instruction Fuzzy Hash: 219002B235100412D10061998404706010557D0252F75C416E4915A59DCA95887176B1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 0 920003-92001c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.874893187.0000000000920000.00000020.00000001.sdmp, Offset: 00920000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_920000_AcroRd32.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 9d21f3cbe069f41ec241107a76175aeee231727dd8999c33b6eb7200b2211878
                                                                      • Instruction ID: 81dffaf2df6d15addd7ca5dd5eef4d8359fc7d8c5ab44799494b84354172f817
                                                                      • Opcode Fuzzy Hash: 9d21f3cbe069f41ec241107a76175aeee231727dd8999c33b6eb7200b2211878
                                                                      • Instruction Fuzzy Hash: 98C0026515E7D15EC30353300C759A23F640E9311276F81DBD4808B0A7C5080969A372
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 5 920310-92031c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.874893187.0000000000920000.00000020.00000001.sdmp, Offset: 00920000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_920000_AcroRd32.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 6b0e49e62aaf32367c18b4e18acef3a91b20ead87f034af1d8f4553fc4695e7e
                                                                      • Instruction ID: 1f14c0301f252ee66b21e6df110de22638a0819805648e23fc3ebb19975f718c
                                                                      • Opcode Fuzzy Hash: 6b0e49e62aaf32367c18b4e18acef3a91b20ead87f034af1d8f4553fc4695e7e
                                                                      • Instruction Fuzzy Hash: E69002F239100452D10061598414B06010597E1352F75C019E5455A55D8A59CC7272A6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 2 920110-92011c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.874893187.0000000000920000.00000020.00000001.sdmp, Offset: 00920000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_920000_AcroRd32.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 6cef22ba8517f1445852656ce91cddb37d02ff9edd3d0212ab3176af27751966
                                                                      • Instruction ID: 3ed44c08c7666d614783edf70731b5aa79830fd7454534b98d3d50788e5b021e
                                                                      • Opcode Fuzzy Hash: 6cef22ba8517f1445852656ce91cddb37d02ff9edd3d0212ab3176af27751966
                                                                      • Instruction Fuzzy Hash: 4F9002B235504452D10065599408A06010557D0256F75D015A5455A96DCA758871B2B1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 10 920790-92079c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.874893187.0000000000920000.00000020.00000001.sdmp, Offset: 00920000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_920000_AcroRd32.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 2d3a4181f50a67ea5cbb07d62e5bf5e7c573b085f94f822ecb3ee7b96b0b511f
                                                                      • Instruction ID: 26e3dea896c42bfeab0cdb761e74b6aa3cf7b4b4d0381474557ec5c156c2cf89
                                                                      • Opcode Fuzzy Hash: 2d3a4181f50a67ea5cbb07d62e5bf5e7c573b085f94f822ecb3ee7b96b0b511f
                                                                      • Instruction Fuzzy Hash: 229002B235100013D140715994186064105A7E1352F75D015E4805A55CDD55887673A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 8 9206d0-9206dc LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.874893187.0000000000920000.00000020.00000001.sdmp, Offset: 00920000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_920000_AcroRd32.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 453c836ac7315fdc7ddca8c049f84ca66f2b46638ecaa7f34f4eb2f5d5457aa9
                                                                      • Instruction ID: 465a09edf5ea60179b39aad8b90334e8123a842b8562880c9d388c0f1d36c1dc
                                                                      • Opcode Fuzzy Hash: 453c836ac7315fdc7ddca8c049f84ca66f2b46638ecaa7f34f4eb2f5d5457aa9
                                                                      • Instruction Fuzzy Hash: 169002B235100412D10065999408646010557E0352F75D015A9415A56ECAA588B172B1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 4 9202d0-9202dc LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.874893187.0000000000920000.00000020.00000001.sdmp, Offset: 00920000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_920000_AcroRd32.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 609d4ec934d80820c17be95c5a1f34e2b9cceb86d86d921df8e00783b05bcfd2
                                                                      • Instruction ID: 30cb670778274678d56fcf8907a14621337dca94910be3f64a19c8659533bc21
                                                                      • Opcode Fuzzy Hash: 609d4ec934d80820c17be95c5a1f34e2b9cceb86d86d921df8e00783b05bcfd2
                                                                      • Instruction Fuzzy Hash: 289002B236114412D1106159C404706010557D1252F75C415A4C15A59D8AD588B172A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 3 9201d0-9201dc LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.874893187.0000000000920000.00000020.00000001.sdmp, Offset: 00920000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_920000_AcroRd32.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 7ad0004db5e6ea1a72979f14435f062ba1d59ce6376b1a9cd5b730a42e7990b0
                                                                      • Instruction ID: 9918b74e632fcd3d1b31f7d3a03c2f1573884ea35a078b67e3b3a8884a0b532e
                                                                      • Opcode Fuzzy Hash: 7ad0004db5e6ea1a72979f14435f062ba1d59ce6376b1a9cd5b730a42e7990b0
                                                                      • Instruction Fuzzy Hash: 069002B235100852D10061598404B46010557E0352F75C01AA4515B55D8A55C87176A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 1 920050-92005c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.874893187.0000000000920000.00000020.00000001.sdmp, Offset: 00920000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_920000_AcroRd32.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: da6a0286f3ec37af36a24133cbb002be7764f9b8ca21499af6c6f0d1f9c08588
                                                                      • Instruction ID: 6c55b338d32cd10ece8d0e6d1269f09b0cb56311f4a20d98312035b5480b70a4
                                                                      • Opcode Fuzzy Hash: da6a0286f3ec37af36a24133cbb002be7764f9b8ca21499af6c6f0d1f9c08588
                                                                      • Instruction Fuzzy Hash: B49002B275500412D14171598454706011957D0292FB5C016A4415A55D8A958B76B7E1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 6 920350-92035c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.874893187.0000000000920000.00000020.00000001.sdmp, Offset: 00920000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_920000_AcroRd32.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 0a982526819cb8d6284cbb06124953424569db33ba066e32f1fdfe41716d9d1a
                                                                      • Instruction ID: 1d28f8cc84da3763fe6bb75591b49d450728c1d969056bb61d4c38dfde1b1205
                                                                      • Opcode Fuzzy Hash: 0a982526819cb8d6284cbb06124953424569db33ba066e32f1fdfe41716d9d1a
                                                                      • Instruction Fuzzy Hash: 279002F235504092D11162598404F0A420957E0296FB5C01AA4445A95C89658972F2A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 9 920750-92075c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.874893187.0000000000920000.00000020.00000001.sdmp, Offset: 00920000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_920000_AcroRd32.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 9d9adaa82d18c7334ffd2c0d2a3b804777be0b53c66a7559b373ee51635b09a0
                                                                      • Instruction ID: 7258feafc68531a7033f7131bf19b585ad54808ba7a20bc2043926cd6484e6ef
                                                                      • Opcode Fuzzy Hash: 9d9adaa82d18c7334ffd2c0d2a3b804777be0b53c66a7559b373ee51635b09a0
                                                                      • Instruction Fuzzy Hash: F89002BA36300012D1807159940860A010557D1253FB5D419A4406A59CCD55887973A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions