Loading ...

Play interactive tourEdit tour

Windows Analysis Report Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdf

Overview

General Information

Sample Name:Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdf
Analysis ID:445706
MD5:8a4d106bd7cd93b824ec43a6a9cf9f17
SHA1:1f3daae06de076de26185d672e25d1582aeee782
SHA256:25b7c93267473fb47e7befc85ac810fe5b89d6f9b8c2bcfb91d3436800fdf27b
Infos:

Most interesting Screenshot:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

High memory usage for Adobe Reader (potential heap spray)
PDF has an OpenAction (likely to launch a dropper script)

Classification

Process Tree

  • System is w10x64
  • AcroRd32.exe (PID: 3924 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • AcroRd32.exe (PID: 3488 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • RdrCEF.exe (PID: 5904 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 4168 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12362944656118107355 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12362944656118107355 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 5672 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=8489781687595542147 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 4120 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17384072550564997965 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17384072550564997965 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 1020 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8027345025244038801 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8027345025244038801 --renderer-client-id=5 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 5896 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17885131697990081341 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17885131697990081341 --renderer-client-id=6 --mojo-platform-channel-handle=2160 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Adobe ReaderProcess Stats: High memory usage
Source: Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdfString found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdfString found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdfString found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdfString found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdfString found in binary or memory: http://www.tcpdf.org)
Source: classification engineClassification label: clean1.winPDF@15/47@0/1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIconsJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R3kcn0c_1rgf1rg_2ow.tmpJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeFile read: C:\Program Files (x86)\desktop.iniJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12362944656118107355 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12362944656118107355 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=8489781687595542147 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17384072550564997965 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17384072550564997965 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8027345025244038801 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8027345025244038801 --renderer-client-id=5 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17885131697990081341 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17885131697990081341 --renderer-client-id=6 --mojo-platform-channel-handle=2160 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdf'Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12362944656118107355 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12362944656118107355 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=8489781687595542147 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17384072550564997965 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17384072550564997965 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8027345025244038801 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8027345025244038801 --renderer-client-id=5 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17885131697990081341 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17885131697990081341 --renderer-client-id=6 --mojo-platform-channel-handle=2160 --allow-no-sandbox-job /prefetch:1Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeFile opened: C:\Windows\SysWOW64\Msftedit.dllJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdfInitial sample: PDF keyword /Encrypt count = 1
Source: Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdfInitial sample: PDF keyword /OpenAction
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Drive-by Compromise1Windows Management InstrumentationPath InterceptionProcess Injection1Masquerading1OS Credential DumpingProcess Discovery1Remote ServicesData from Local SystemExfiltration Over Other Network MediumData ObfuscationEavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection1LSASS MemoryFile and Directory Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 445706 Sample: Operating a hospitality bus... Startdate: 08/07/2021 Architecture: WINDOWS Score: 1 6 AcroRd32.exe 15 37 2->6         started        process3 8 RdrCEF.exe 70 6->8         started        11 AcroRd32.exe 9 7 6->11         started        dnsIp4 21 192.168.2.1 unknown unknown 8->21 13 RdrCEF.exe 8->13         started        15 RdrCEF.exe 8->15         started        17 RdrCEF.exe 8->17         started        19 2 other processes 8->19 process5

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.tcpdf.org)0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://www.aiim.org/pdfa/ns/property#Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdffalse
    high
    http://www.aiim.org/pdfa/ns/extension/Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdffalse
      high
      http://www.aiim.org/pdfa/ns/id/Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdffalse
        high
        http://www.aiim.org/pdfa/ns/schema#Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdffalse
          high
          http://www.tcpdf.org)Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdffalse
          • Avira URL Cloud: safe
          low

          Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public

          IPDomainCountryFlagASNASN NameMalicious

          Private

          IP
          192.168.2.1

          General Information

          Joe Sandbox Version:32.0.0 Black Diamond
          Analysis ID:445706
          Start date:08.07.2021
          Start time:08:54:07
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 4m 56s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdf
          Cookbook file name:defaultwindowspdfcookbook.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:32
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:CLEAN
          Classification:clean1.winPDF@15/47@0/1
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          • Found application associated with file extension: .pdf
          • Found PDF document
          • Find and activate links
          • Close Viewer
          Warnings:
          Show All
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.255.188.83, 23.211.6.115, 104.42.151.234, 104.43.139.144, 80.67.82.97, 80.67.82.75, 23.211.4.250, 20.50.102.62, 23.211.4.86, 40.112.88.60, 173.222.108.226, 173.222.108.210, 104.43.193.48, 20.82.210.154, 80.67.82.235, 80.67.82.211
          • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, e4578.dscb.akamaiedge.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, acroipm2.adobe.com, arc.msn.com, e12564.dspb.akamaiedge.net, a122.dscd.akamai.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, fs.microsoft.com, acroipm2.adobe.com.edgesuite.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, skypedataprdcoleus17.cloudapp.net, armmf.adobe.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size getting too big, too many NtSetInformationFile calls found.

          Simulations

          Behavior and APIs

          TimeTypeDescription
          08:55:04API Interceptor14x Sleep call for process: RdrCEF.exe modified

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASN

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):615
          Entropy (8bit):5.67233191573396
          Encrypted:false
          SSDEEP:12:vDRM9dbjUmZiEQDRM9w32GvmZiEZDRM9I1B/GeZiE:7Obj2Emx32GbE9ZEbE
          MD5:3BF398AE3125D2D55A79142A88E91DC7
          SHA1:63F8D354EEF688F4E20BCCFF14556A81E9F88E5C
          SHA-256:3A96C9FFE6D5EB8D321032404D0812A1252CF109FABBF187A3F8DE82E1C9FD58
          SHA-512:86FEA289C73EF4B264D30FCF6D17FAD849A1CE1A24C61E4AFD7452177818EA3221B9A3DDE227858F6D2B180EBBBED2A6DA7B57877DA088E2123C38107F32028C
          Malicious:false
          Reputation:low
          Preview: 0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ..d..4%/....."#.D.'3..9.A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo......J.s.........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .....4%/....."#.DX....9.A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo........{0........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ...6.4%/....."#.D.jk..9.A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo........k........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):696
          Entropy (8bit):5.631175632566442
          Encrypted:false
          SSDEEP:12:V9zctHi9PQL9zcatUg9PQl//H9zleV9PQ7m9zhuZZ9PQ:XzctC9PQJzxT9PQlNzleV9PQ7KzhAZ9o
          MD5:66B1B8C70E8657D476656E475DF26D9E
          SHA1:CDDC7B3AFF01C52DBF239251FE1C46BA8F8AFA9B
          SHA-256:A8E2F200E93485B9F21796A0906DAB070229BC297FC53FCAC55E4486AE7B7992
          SHA-512:1F09436F6BD1D90A307D9E966D5292EC9B8F363A109E1077223A3EC8ABD9C6BF9D45A2BE0EA702E5D7E8F4CB93EA6CF9845A49E5C52BE91D179486C24B31A732
          Malicious:false
          Reputation:low
          Preview: 0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .S...4%/....."#.Dr.w..9.A.1.x.'.vI..*|Z..o...+.4....0..A..Eo...................A..Eo......-.J.........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ..4..4%/....."#.D.d...9.A.1.x.'.vI..*|Z..o...+.4....0..A..Eo...................A..Eo......-\..........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .....4%/....."#.D..q..9.A.1.x.'.vI..*|Z..o...+.4....0..A..Eo...................A..Eo.......G.?........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ..9$.4%/....."#.D....9.A.1.x.'.vI..*|Z..o...+.4....0..A..Eo...................A..Eo..................
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):738
          Entropy (8bit):5.626955714592402
          Encrypted:false
          SSDEEP:12:DyeRVFAFjVFAFHpiplUo6jkyeRVFAFjVFAFPeplUo6jVTyeRVFAFjVFAFkYXl+p2:tB4v4Hp0SBAB4v4PwSBfB4v4flQSB
          MD5:0FB2D60AA075EB7AA045395178471A9F
          SHA1:A61CD6FA0A0CD102EAA3CDD3B37E21DBA5BC8B4A
          SHA-256:13FBF1D237DCA578750AD52EFC480133A87611D6D206454493782D3C562F8CDC
          SHA-512:CBD17DB41344BE777A6A5E535675F7EC2F2A8A626E0E2FAF74EA2A99AC05F7F72713A5F07B703039934CBDE8D6DB0C76D8B1387C746E12A36CF4E6B636B2C4F5
          Malicious:false
          Reputation:low
          Preview: 0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js .....4%/....."#.D.x+..9.A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo......!.n.........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js .....4%/....."#.D.....9.A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo.......Y.........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..,4.4%/....."#.D..Y..9.A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo......QIE.........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):232
          Entropy (8bit):5.6833612904545205
          Encrypted:false
          SSDEEP:6:mNtVYOFLvEWdFCi5RsgXfZd2iWulHyA1TK6t:IbRkiD7XRNWuss
          MD5:ABE4A6FB3C50504C78D07C5664294BD3
          SHA1:65722DAD6BEB98B181E54A0B810161D3B6D60B81
          SHA-256:9D6D2324C42020DD3DB2B899385B1869271D8C1F4F304613ADB6B75EDD46D35F
          SHA-512:7E97FD48717B62D9EF447A41C38C9A42D730F0EE9CD36F28319EDAD292B3EC7D5ED5CCA1F6F5FF278452FF9DF0C02465859E04C26051DEECA89E7E9B5F469C45
          Malicious:false
          Reputation:low
          Preview: 0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js .....4%/....."#.D.....9.A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo..................
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):420
          Entropy (8bit):5.604062350557649
          Encrypted:false
          SSDEEP:12:pyixRu0FtJ7V41TEcPzyixRuBiiHZVV41TEtt:NJJZ4xEcj904xEt
          MD5:A931B621D1722ACD86E31CED7F7EF7D6
          SHA1:134F27A8F742D76096DFAF5FDA9DF76899EAC42F
          SHA-256:23F259779B7D236067B0EF59A078848A2C06EF0A83C2719F6694B4C79FE58C7D
          SHA-512:44ADCC4CF06403E12F0A06926BD7F57663136E1259BCDA0D9C5880B97391517C93D1548852E89BE0783E3938232EB62918D3F90A8D381A9E5DEF134B56A44A76
          Malicious:false
          Reputation:low
          Preview: 0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js .>...4%/....."#.D@.,..9.Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo......>...........0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ..55.4%/....."#.D\.a..9.Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo.......d..........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):432
          Entropy (8bit):5.636156554283445
          Encrypted:false
          SSDEEP:6:mvYOFLvEWdhwjQq+ltycuLZIl6P41TK6tsvYOFLvEWdhwjQ9UiWvLZIl6P41TK6t:0RhkkXyVLZCsRhkuUiWvLZC
          MD5:63286ABFE1869FA45BD8C81F493233BB
          SHA1:C27CF32E64D608B1C2B04150633182317CE0475E
          SHA-256:17B202C9D9516941D59E8DAF2CF8700571D949E8338997EB9F349118D1899DCF
          SHA-512:7AE289AA1F20D9C4D0870C8933070091182E7870836672E6442C719FD7E5F1E9EEBFC2B5BBDD1D9524BE37A3772D37029D43E9E4103977A212EB6963D54D7A2B
          Malicious:false
          Reputation:low
          Preview: 0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ..Q..4%/....."#.D~....9.A.].>....uUf..N...k......c..l.A..Eo...................A..Eo......yg.+........0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ...1.4%/....."#.Ds.M..9.A.].>....uUf..N...k......c..l.A..Eo...................A..Eo......k.nY........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):418
          Entropy (8bit):5.561000168177894
          Encrypted:false
          SSDEEP:6:mJYOFLvEWdGQRQOdQ5t26g1TK6tl8JYOFLvEWdGQRQOdQE1+6g1TK6tp:2RHRQCIt21T4RHRQCx1+1
          MD5:E4C711132196840FA6A2BA50248155F0
          SHA1:A2F96E1320C318CA0BC0F7652BF59FBDE90FF7F1
          SHA-256:9200E9FC2B218528414C611221A03BD553D2A0075B708EA8237969DF60944EBC
          SHA-512:E7FD31593AADD7DC458C1EFC174E7843B62A99A23C22B9FC209FA28F4835576998F81F3ED0BD61EA8F478341FB6A46032FA4918FFE10B1E0C6110B02F448CFAC
          Malicious:false
          Preview: 0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js .....4%/....."#.D."+..9.A..c..y/L....|y.n..C/I.....X7-ne.A..Eo...................A..Eo........~.........0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js .7.6.4%/....."#.D,.d..9.A..c..y/L....|y.n..C/I.....X7-ne.A..Eo...................A..Eo......./.........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):716
          Entropy (8bit):5.665080458171138
          Encrypted:false
          SSDEEP:12:Z5M+Ce2kTNMuR/EE5MdtmdTNMuR/EXB5MLdv1jZTNMuR/E1w5MwrKTNMuR/E:ZS+CedauR/EES/mRauR/ExSLbjtauR/R
          MD5:2E00061ED70AAF021EF8E95736365469
          SHA1:B078F65FD4F9198DF4822D491ADE5147F083CD7B
          SHA-256:47C9938315C904A1A8DF454313921059685C7278D0558D73F15321F3E82EC1CF
          SHA-512:A8AA37440AC1E8FE0C9EC8113CEDF81058386329EEA42953A10B5B7B9BF55BD45F202F17970D0A7C5FB862845A5F63044CD72DD78E6D8D7E3F5D9140F7E86666
          Malicious:false
          Preview: 0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .....4%/....."#.D..w..9.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......I.)H........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .Kn..4%/....."#.D.....9.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......2..=........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ..5..4%/....."#.Da.q..9.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......b...........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .Ec$.4%/....."#.D.....9.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......F>$.........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\39c14c1f4b086971_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):212
          Entropy (8bit):5.622688194781317
          Encrypted:false
          SSDEEP:6:mGpYOFLvEWdzAAuUeWIm0bbsIDMGH41TK6tt:XfRMHGKsIZE
          MD5:FA67071D85B39583F01AD6787B07C852
          SHA1:AC04683C4746C9EB2606CA4BF3F143D2A07E62F8
          SHA-256:D827EFCC72E0436F9C2541F8B0F8C20F6F6233D76D613F10FFC6179BF0477D4F
          SHA-512:021F3C5FE5F93DA2E303527A9536B9069B1E215A18ABF1B48C764389E9A9C7E6C4369F3F2227E93262FA3861D72A5B9AF02A9C63A56297E50FF429686AC19467
          Malicious:false
          Preview: 0\r..m......T....,.^...._keyhttps://rna-resource.acrobat.com/static/js/plugins/walk-through/js/selector.js .Eb..4%/....."#.D.jN..9.A..`.....^....L>..Xa./......C.y.A..Eo...................A..Eo.......<!K........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):428
          Entropy (8bit):5.56903287940363
          Encrypted:false
          SSDEEP:6:m4fPYOFLvEWdtu71HX/by0zBUKSAA1TK6t44fPYOFLvEWdtuzNUhKX/by0zBUKSy:pReHvbeJR+NK4beE
          MD5:369F15E6A0EEC87DC963B97D4462A175
          SHA1:A0849EBE40B0A922607B5C4A834E8AFC8389C383
          SHA-256:C71A44A1FCE415133E1B2CBF3FDB8166DA4A0C1F450DFCA7FA885AE91CE536A6
          SHA-512:1BB5D5B51849BBA02EF92130554FA2B7204A89989ACDECE58EAB503C2D42EA41206BC455E7B6FFBA6B8BB36C6DC1B4C1AEEC1ED77682EB88FB93544EF3166C36
          Malicious:false
          Preview: 0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js ....4%/....."#.D..+..9.AQ..E.=....=h`t..t..3%A.F$..w..A..Eo...................A..Eo......)-X.........0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js ...6.4%/....."#.D..n..9.AQ..E.=....=h`t..t..3%A.F$..w..A..Eo...................A..Eo.......w@.........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):708
          Entropy (8bit):5.602175269953419
          Encrypted:false
          SSDEEP:12:KkXxKMSCv03fgytUlw4kXxKMSCvztPtUlqikXxKMSCvFSotUlk4kXxKMSCvnUcts:KkXxiCc34yWDkXxiCZPWqikXxiCdSoW9
          MD5:92D3349D0118B748290648C909A36240
          SHA1:001F1D2FADC651B846C4C1661E610F26577B2F32
          SHA-256:F201971FA2FEC2965A0ECC1E78FAE352418D93218897C2787579595B3CAB4CF0
          SHA-512:B14C1072AC86D4B8B8199EFB41D51BB8CF0FC77E1DB4C8660E2A895B3AAF7ACF9F2D4F63FFAB592724D89524546AD53A2C47866A7821921A83B071DD5B26BE7E
          Malicious:false
          Preview: 0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .1...4%/....."#.D..w..9.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo.......8..........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .bk..4%/....."#.Dd....9.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo........j.........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .\3..4%/....."#.D8.q..9.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo........j.........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ..a$.4%/....."#.D.....9.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo.......R..........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):748
          Entropy (8bit):5.64985717952834
          Encrypted:false
          SSDEEP:12:5h6OLAUHEtqkjh6OLnnkeh6OLoigwXqkoh6OLZNSek:5h6OHWjh6Ykeh6gvX/oh6oNS7
          MD5:8F6BFB6857796D66392110DA59C1328B
          SHA1:75B2BBC628F27FFF60D4D11D13E6DC87A230FCF0
          SHA-256:C0ED4AC1C521836609138AE78CF8B2E15BB8E00DF854D872F3D0E05780BD6295
          SHA-512:70493050ECD90E54DC6B7CF40DC5C48603D74B109AEB64AB59AB00ABF9525FAB36C3DA8904CBAB531894E2C41A5E3D0A10CC45AF15C66B8DF96BF996A381111E
          Malicious:false
          Preview: 0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .....4%/....."#.D.....9.A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo................0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .i...4%/....."#.D=}...9.A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo......P #.........0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .....4%/....."#.Dh....9.A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo..................0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ...-.4%/....."#.D.3<..9.A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo................
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):732
          Entropy (8bit):5.627811035662523
          Encrypted:false
          SSDEEP:12:URVFAFjVFAF5v/t5SDKwSeKaTLnWORVFAFjVFAFJ+KwSeKaTLniRVFAFjVFAFERY:UB4v45v15S+wzXLnxB4v4JJwzXLniB4A
          MD5:79EA1F5BE03F05FBD73E40B6862AC539
          SHA1:A58A4D5DDBE1C148DA61C86ED4B40F8A35D62AB0
          SHA-256:B089503DBBA86F8B27B6F5B864AA6723ECD497854C7BD35192B70554FC5A5F1C
          SHA-512:00A654E1357978ABC215D133D4F23688DFAB71BE45E5397FCD210A6A452292B144CF86374E6E9B68B3A27F8CF65B790CB12C02E1F51F034DA2210972CD01AD36
          Malicious:false
          Preview: 0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .....4%/....."#.D.^6..9.A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo......@Il2........0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ....4%/....."#.DD....9.A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo......d1..........0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ..65.4%/....."#.D.Pe..9.A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo........xz........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6267ed4d4a13f54b_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):210
          Entropy (8bit):5.584731068005992
          Encrypted:false
          SSDEEP:6:mq9YOFLvEWdzAHdQwR195GFCaa+41TK6t:NRMHdXx5Gda+E
          MD5:2BA1F36230539F467655148BF1815472
          SHA1:55626D471CE194A48652AD123093B3E1A965A7BC
          SHA-256:2369AAEB7A8EA59156CF9A1148806515843FC6AE112F86092BCCE5D7845E226D
          SHA-512:AA4305F17E7B06E59618266B8368E29607D1F21DBC7453F2F50D332A6FEFCEA5849EBF17B82CCE44A3CAE520EC544BF37257293D226F58F8F4BC3DB1AB5990FA
          Malicious:false
          Preview: 0\r..m......R....L......_keyhttps://rna-resource.acrobat.com/static/js/plugins/walk-through/js/plugin.js ....4%/....."#.D.IO..9.A...G.3D.....Q.g0...._.Q.........A..Eo...................A..Eo..................
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):422
          Entropy (8bit):5.576518611013936
          Encrypted:false
          SSDEEP:6:ms2VYOFLvEWdvBIEGdeXuoQtWY11TK6tIl2s2VYOFLvEWdvBIEGdeXuR8RN7xY1i:BsR2EsedQtP6RsR2Ese337I
          MD5:0A9604A8E088CBAA8610FB0D8DC6F7B1
          SHA1:F0F1C4BFFE6091B55B11A8BF1B27A9BFF0A199F6
          SHA-256:A93D4C6DA20CF506D663E256D4F3160862A49AEC7A9CF8AC7812C4B44B3B4EB2
          SHA-512:A2110A91F68D41D755FDB068B79D7450BB97C3F11F6C6165C6A20D1CD986B5C867F5F4FB14489DA8F9872E6043408047BDA359C3102C013993F6673A5B45EB3D
          Malicious:false
          Preview: 0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js .....4%/....."#.D.k,..9.A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo.................0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ...4.4%/....."#.D.._..9.A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo.......&.V........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):404
          Entropy (8bit):5.6714642131318245
          Encrypted:false
          SSDEEP:6:maVYOFLvEWdwAPCQrFllt7B7OhKlvA1TK6tl2aVYOFLvEWdwAPCQDe43GroB7OhO:RbR16QX7BJk3hbR16BfMBJk
          MD5:A80AEB7AEE94A706616041A43EB6DD7A
          SHA1:5BF2E5CEBB744C45916779BF9FB41FE9015D9510
          SHA-256:61A1E38DF701DDB8515FD2941BB73DEEA3D540AAB4CF15CADC6AB72A98AE3EA8
          SHA-512:94E5120933C698C79CD67F2151D07889600097DD75FFD803B46530DF4D32B7869C7CFB4DAD7F05BB166F821241CCE7BFD354AA1C13DB31F518DAD73C1B456187
          Malicious:false
          Preview: 0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js .L[..4%/....."#.D6....9.A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo......7...........0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ...1.4%/....."#.D.{M..9.A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo......D..Y........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):422
          Entropy (8bit):5.59054438143928
          Encrypted:false
          SSDEEP:6:ms2gEYOFLvEWdGQRQVuJaFNEMQdFt1TK6tjts2gEYOFLvEWdGQRQVuhbS3NvQdF4:B2geRHRQjFNh0o2geRHRQ4S3B0
          MD5:9766B76AF1DA8F49E9D29F9F101CD27F
          SHA1:8293060BFEE45D404D6347ABE00B8CA538D11C85
          SHA-256:A3C4AAD59894CDFDECCBC2DBBF6318C07394F6141CCC50401401C76C92E9297E
          SHA-512:46988BF37FD644D5023DC75154E210F6AA4702539678BF6CEAAFCE3201663A3DF3C5D8695804C58CB11C06ADAE91C0DDF71CA19CB0B8922674E6A5D8EF77445A
          Malicious:false
          Preview: 0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js .....4%/....."#.D.P,..9.A@..{o]...9o|..qY....T....{..u.b..A..Eo...................A..Eo......sA_.........0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ...4.4%/....."#.Dnm^..9.A@..{o]...9o|..qY....T....{..u.b..A..Eo...................A..Eo......d...........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):824
          Entropy (8bit):5.658130936189142
          Encrypted:false
          SSDEEP:12:WyeRlflt1wR/MyeRlmsOt1wdyeRluRHt1wP+yeRlWXuQGt1w7l:WJnlfwR0JuDfwdJ21fwP+JOXnGfw
          MD5:6E52F4889D1912251F28A183E51153CB
          SHA1:846DEBD33655DBECBB3BF8D8B64E8705E7CE006B
          SHA-256:7D1E84DF126B0B986056D879D5964D995FD166A88656A5E2BBAF847A941E0F05
          SHA-512:638CFFA02F2D53D4530BEAA7ED862AE1C520B9A8D4927955D5A0289AD60AA7A53E0FBF3F1BDAE02758EC5669CB9D1C1E4CB6B99093E8C6A44C9BB66913A83AB1
          Malicious:false
          Preview: 0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .l...4%/....."#.D.....9.A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo.......^Gi........0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .....4%/....."#.D.<...9.A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo.......c>B........0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .f...4%/....."#.D.....9.A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo......&..E........0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .....4%/....."#.D.PA..9.A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo..................
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):436
          Entropy (8bit):5.615694370270336
          Encrypted:false
          SSDEEP:6:mnYOFLvEWdhwyuetqVqwK+41TK6t9iHHenYOFLvEWdhwyuVN1Kq/GpqwK+41TK6t:wRhnq4wK+EXRhQ1Kq/XwK+E
          MD5:CA72E1D9D01B10545AC64795B6FC4E8C
          SHA1:B875641BEF6B63DB93A61A5EF9A6DB6A96262D33
          SHA-256:6A4C9B12929B57B08E5341E2ADE5CA570F075E4B86D4A8942C016AE957790457
          SHA-512:CE99FD9EA73D331C97D82F471CF957BB4333C72A10A2A5BD971158DF634CD6C4BBADE66278ECEF935E08710715503A3AFEACFEEB8D9AA3B0D041BBC87F76FD21
          Malicious:false
          Preview: 0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js .JY..4%/....."#.D.N...9.A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo.......\..........0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ...1.4%/....."#.D.JM..9.A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo..................
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):920
          Entropy (8bit):5.659188263652478
          Encrypted:false
          SSDEEP:24:/PJ/wm4jPJ/jNd4bPJ/LiGK4kNPJ/s94+:XJj4DJbL4LJ5K4kZJo4
          MD5:D484C0AF66FB0491370C446CDADBCFDB
          SHA1:4C670110C7F6599704D2EBABEC0CD6CD74BEC020
          SHA-256:E892E702052BD94A767C3B6F22A369D88B4F62BB346A4FA32CCEC42230117AD4
          SHA-512:51E62208232E44115DC5CA7FF36CADD51EF4C569932E89AB54634DE947DB9B5DB2CE0736863666B7FA49EDAE0EBBDF8E384BB204C47386726019B0B0AE74D64A
          Malicious:false
          Preview: 0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ....4%/....."#.D.....9.A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......A...........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .-...4%/....."#.D.&...9.A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......m...........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .....4%/....."#.D.....9.A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......k[m.........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .Q...4%/....."#.D.;A..9.A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......@..........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):744
          Entropy (8bit):5.650922260717239
          Encrypted:false
          SSDEEP:12:xqT12eeI4CPLn0qT8+CPLnKqTiK1A7CPLnsqTXSCPLn:AJHwMnrI+MnNuK1A7MnDTSMn
          MD5:1D348E97279C9FAC7E5AFF2D2A050AD7
          SHA1:666DE6230B464C23365977F2418BCE9549FCD51D
          SHA-256:E231F93A74344F95126ABA36FCB8C49AB875A142F4938AB7DE6FB6CDBEE88CEA
          SHA-512:8AFCE2007440DE04F2ECBE1C1EDAF7B95E93F8E83FA1DABA65024B35FA1253914617D844B78C31BB168B9290F152209FBFA146953701DF79FF537E54062B7F84
          Malicious:false
          Preview: 0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .`...4%/....."#.D.g...9.A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......vq..........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .....4%/....."#.D.t...9.A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo.......F.I........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .....4%/....."#.D%]...9.A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......Zk..........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ...-.4%/....."#.D.*<..9.A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......{.X.........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):621
          Entropy (8bit):5.643955620150503
          Encrypted:false
          SSDEEP:12:zRM3TFtqwosD6RMA3zsDoRMmQie/m/sD:zk3qwbD6vgDotSD
          MD5:15C3C709F2860761CBEC5E2577CFDB63
          SHA1:9873A1971C36E94EB6211EA6E9BD653352D34386
          SHA-256:D281D988E915E51B4687D9A9E140EE66CB8959EF21590044D55F394911FEA962
          SHA-512:649B8A6620302E61C4D00641A2F89C6F6B3F0F4F9C1691A40A6F094A44DF5A3DE772E9DB7465305B708201D17E591F0E9F3B8DE43B2786A8E5BA1A71CC6116BA
          Malicious:false
          Preview: 0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .t...4%/....."#.D.,..9.A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo......-..:........0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .%...4%/....."#.Dz...9.A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo......[...........0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..15.4%/....."#.D..a..9.A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo.......p..........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):630
          Entropy (8bit):5.639376843155183
          Encrypted:false
          SSDEEP:12:6lJRsAtSKGgFoMElJR8v1eNgFoM0qlJRTRRsgFoMF:YPSFgFoMCKv1EgFoMf9IgFoMF
          MD5:99093B2C1E93410CC9FF1D6D5782282E
          SHA1:8983CF109EA938F54D47FE5BDD1DE5269B925B44
          SHA-256:E4773C8AFF4814E603B4DC90FB458862F893715F8280363F7846993AAF98F83E
          SHA-512:7C5B202CF4A73B50A4DED2A3D8A3CE92893664BF0F2F6B9587F9BB35AB6862AF8D2AFF1D6CFF37C34C8CC261DB8514B068FD9459336261B057303D3E9A6B1251
          Malicious:false
          Preview: 0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .....4%/....."#.D.,..9.Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo.......~.H........0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .....4%/....."#.D.....9.Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo......'.#L........0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ..35.4%/....."#.Dh^a..9.Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo......E..I........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):892
          Entropy (8bit):5.638574813025185
          Encrypted:false
          SSDEEP:12:F8hRrROk/qe3zUe2u8hRrROk/0NVe2leN8hRrROk/3NKe2O8hRrROk/MHe212N:UPJ/qeD2jPJ/022M8PJ/3Nx2DPJ/M+2
          MD5:E17BB1784B59348A65B715E2DF561595
          SHA1:54B0D229094108101BFB22A600940FB4C3203A20
          SHA-256:FA4D8409D44725E6432B26AE753B5150894B887E211A442D57F4B112F4EA31C8
          SHA-512:0E937BE92AD31F33C79B011CD6BFA3349DA4B281F15871CA420A2A5194C6A54AAA1AB6173BFCF7FFAC1A464B1AD9E39219A952AB391A0C8FBBEDE018817B6539
          Malicious:false
          Preview: 0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..H..4%/....."#.D....9.A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo......<...........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js .P...4%/....."#.D.....9.A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.......B.c........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js .....4%/....."#.D...9.A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo......E.|.........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ....4%/....."#.D./A..9.A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.................
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):852
          Entropy (8bit):5.705673685208622
          Encrypted:false
          SSDEEP:12:ehRcNyMirNJICbXIhRcyc9rNJICo+hRcJ/rNJICSuhRcuNorNJIC:ehqFGJICshlSJICo+h6xJICnh1kJIC
          MD5:123801E13B6D9CDE3223E0195E1D77E7
          SHA1:C9ABF47526BD3B75930674DA6795560232AD31F1
          SHA-256:B51DC75A3B2788080802203610EFA144A7A978FD6A1D2039E65B41503AB0A142
          SHA-512:D2FD85963B3365EA9672F83504F15D53A3BBF9AACBD993D9855A202E84B3D19E4DAFA7944A825E58646068B9670DF5D54C4A914B93DBF6DC431A9B1DEFA06512
          Malicious:false
          Preview: 0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .d..4%/....."#.D.....9.A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo.......P..........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .....4%/....."#.D0d...9.A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo......._P.........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .....4%/....."#.DE...9.A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo......]..........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .....4%/....."#.D.zA..9.A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo......9/l.........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):832
          Entropy (8bit):5.6225265634116335
          Encrypted:false
          SSDEEP:12:0Rxh6gReMRfR/Re5R/eHKKRevcRRVbpRei:0Xh6nMFR85Reqhvc3Vbmi
          MD5:990AFA1B282B513488C2384E275F85AA
          SHA1:0E20E718B46DC130B66E4C5E47B9BF2B4DCB1AB0
          SHA-256:C71743A56521021CAB77270F70F9B1D5B0FF8013782B7A9571CF98DF0D862C8A
          SHA-512:FBF8B738479DF2FD7358F15D11F1C58F5E61F05D680C5893DFE9344207C8363595212E43529F14EEBC6744A783B83C9AE70732EF6E409F6878360939B9AE7B96
          Malicious:false
          Preview: 0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .h/..4%/....."#.D.f...9.AZ.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo...................A..Eo.................0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .+...4%/....."#.D."...9.AZ.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo...................A..Eo.........P........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .S...4%/....."#.D.'...9.AZ.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo...................A..Eo.......HSA........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ..y..4%/....."#.D..@..9.AZ.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo...................A..Eo..................
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):5.692419656863923
          Encrypted:false
          SSDEEP:12:6JJKOLlVUJJKztPPiJJKjeAUiJJKs1C27:6JIOLlVUJIztPKJIjeAhJIs1C27
          MD5:6E69E7FAE1EF2BCC8596EF69A4B45B76
          SHA1:ADA56BF684288B8FF22679EB885C1FA46C744C85
          SHA-256:9A16CA581F2DD6263C913D9BBA8D0CF837B83A3DC479573667AAD25FA9A02958
          SHA-512:4B2E2202BE59A16B5D30BE354C45FF22ADE5A72B1127930BEE7696E408B092AA4FB5A3BA06544E2110B32263C6AAE1E8489337AF22E64DD760876AEEAF3E8E66
          Malicious:false
          Preview: 0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .H...4%/....."#.D]...9.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.......:.X........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .u...4%/....."#.DZ....9.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo........d.........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .q...4%/....."#.D.$...9.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo........-%........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .G.&.4%/....."#.D..&..9.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo........Y.........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):428
          Entropy (8bit):5.678001155508824
          Encrypted:false
          SSDEEP:6:mWYOFLvEWdBJvvuSdHtgJc+vhUDLYtmOZn1TK6tIEWYOFLvEWdBJvvuy4wOhUDLW:xRBJxdHtqRKDcFZLWLRBJLt7DcFZL
          MD5:392EA35874F97731751F31CB1860635C
          SHA1:59AE2A3DCE8F2DB5CB2AA148A9EB6C47BF7B7D35
          SHA-256:54EE0CF3DB00B45A0EC39606E6FE2296B7D5F3A67A5F72EC6CA2B69A4A8DA98F
          SHA-512:69AAA6B388689C3781E302DE22F05D8A4566F19DE85AFA811C08A9001B14A629164CB0EA328080E919448C76056EAFB6EACE0503FF82D3272BCBAF4807E4B4D2
          Malicious:false
          Preview: 0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js .A...4%/....."#.D..,..9.A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo.......k>^........0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js .;.4.4%/....."#.D.._..9.A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo..................
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):844
          Entropy (8bit):5.665957500166289
          Encrypted:false
          SSDEEP:12:BPHu3xc+ZPHm/tTcBPHMocrllTPHF0kc:BPHmxcIPHyTcBPHMocr/TPHFBc
          MD5:2C01CE47171FCEEAD3086B323371A6C2
          SHA1:E2F3D7CFBB0DDD42F75CD7A73ACCE939384109D6
          SHA-256:DD5A1C6F2D9C5FE07C3BCA5129FDCC0645664DB94155C6717DBB9907F1511CC0
          SHA-512:C7672D9409ECFBF967EDCBCF595D0BEE15B9603D6BFF9A131640CBE1AB5D3FE21D8E080F26F57FD85FF18FCAE893B74689FDC660B67F4D66D1031DA8E0ED57F3
          Malicious:false
          Preview: 0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js .W!..4%/....."#.Dd.x..9.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo......w.L........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ..q..4%/....."#.D.%...9.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo........=.........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ..7..4%/....."#.D;6r..9.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo.......r..........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js .hd$.4%/....."#.D.....9.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo.......[..........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):416
          Entropy (8bit):5.613333794477252
          Encrypted:false
          SSDEEP:6:mKPYOFLvEWdENU9Qs9ltTiM3Y1TK6tjt2KPYOFLvEWdENU9QoHDiM3Y1TK6tcx:bJRT9LXTr0ttrJRT9Ljr0A
          MD5:28605C46BC2D259B119F991073DA0D43
          SHA1:419490E1C8302DCDC5E518BFDF5161533080B91D
          SHA-256:1B76B547CF4A2E766351D0FEA748B85A898F33422BFC825246F5267F3952F843
          SHA-512:20E85CDFF0BC191EBE513E9E210ABA5161C2870DF7E02791F3CD4E7D6CF9CD12A7A6CEBC4839AC0DC3F6F9F3D5D5E7B46F03B3BE428D312A888E3BC08CD1FAB5
          Malicious:false
          Preview: 0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ..]..4%/....."#.Dh"...9.A...M....m+lS..e.....<7.U.P8*.0K.A..Eo...................A..Eo........-m........0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ...1.4%/....."#.D{OR..9.A...M....m+lS..e.....<7.U.P8*.0K.A..Eo...................A..Eo......".hv........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):416
          Entropy (8bit):5.662815873883398
          Encrypted:false
          SSDEEP:6:mQt6EYOFLvEWdccAHQTFtfMRjBRCh/41TK6tOQt6EYOFLvEWdccAHQfK3IRjBRC/:XRc9QFtfkDi/ERRc98nDi/EW
          MD5:DD32F5388B18A54018861B24280AC93C
          SHA1:51618321F76B1EE8205978295EA203229695BB20
          SHA-256:0746DE64F91CD9EB24D68580A05735680412358B03AF38C3994C80CE43435C63
          SHA-512:E69FD2BC399EBD7B0DBAE1BECEEECBBBB5FFBA94203A1DD2D65CE0638057E0B8E39F9BB7444B8F62202DD5E00C1DA2C24C8B3323987E1B5EE7033C185199238A
          Malicious:false
          Preview: 0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js .....4%/....."#.D!.2..9.APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo.........w........0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ...5.4%/....."#.D.Lj..9.APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo......a...........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):462
          Entropy (8bit):5.64227685534583
          Encrypted:false
          SSDEEP:12:bs6xRkiUpbLlF4n0js6xRkiTeOALlF4n:brxpUlo0jrxpSDo
          MD5:592B1119B0B7303C0858316133F9F297
          SHA1:0B0B16F9954D2BC60BDCE8082287E2B98D5BF0E9
          SHA-256:664FF014F6B72E462DED2CE32224421A5782FBF1961904192D0852EEE7308477
          SHA-512:C2454AD55DC886098B0DFD5042D793227C6AED0EB69A948CF307EE395BDEED36BD25CD950A9439F87DB72EB39298EE81A270DFB87F05B3DCF449528C59458AFC
          Malicious:false
          Preview: 0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js .q,..4%/....."#.D.....9.A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo......Q..@........0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js .....4%/....."#.D.....9.A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo......v<Vq........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:modified
          Size (bytes):430
          Entropy (8bit):5.516410431508952
          Encrypted:false
          SSDEEP:6:mhYOFLvEWd/aFu/e56/941TK6tbFl2hYOFLvEWd/aFu3dm+XNfH941TK6t2t:WRBeO9E9fmRZRXNf9E4t
          MD5:5830D7F3468B8974DF999526EE0084AF
          SHA1:47E80D72005C5EC652EC2E2899F26B8DAE696DA3
          SHA-256:85204D8E681581241B1E2769C19DFC1E1FC9E9EA5508E2515317E13076694A2A
          SHA-512:1B2C02AF5FC5294DC0945679CAA789833BFD271532DD65B06F7AB9F842AB52F57FC5369EF0A74EC89AD35A8B5F929A43A2A6BD49F950C5661A1FF8287F8579F0
          Malicious:false
          Preview: 0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js .f...4%/....."#.DkF,..9.A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo.......a?.........0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js ...6.4%/....."#.D/.n..9.A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo......?a.t........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):416
          Entropy (8bit):5.587373464649898
          Encrypted:false
          SSDEEP:12:2DRuRoeo1iWqB9Vd2k1DRuRmXOc9vqB9Vd2ka:8vekiW6bdTRZzh6bdT
          MD5:0A2FC7AC64C6FE535CD4610156014AD4
          SHA1:62FD103AD2C74C8540128376DFF79D285AA9F00A
          SHA-256:5BEE5820D3281C30F4B371F3A7CC1C9B1C37BB46C5007E28337A707AAA8C2DDE
          SHA-512:E8FF9D5A4F441BDFB4A6609B0C395082DDA9766AE1E8B7893CF2A913C3DC0823D515AC109252FF1824A7E9AA696EFAB599A280FF022EA602D037E985720FC872
          Malicious:false
          Preview: 0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js ..z..4%/....."#.DeQ+..9.A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo.......w..........0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js ...6.4%/....."#.D.6d..9.A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo......k...........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):624
          Entropy (8bit):5.6226204734239875
          Encrypted:false
          SSDEEP:6:mkqYOFLvEWd8CAd9QVe+3uA424r1TK6tvll2kqYOFLvEWd8CAd9QjlVuA424r1Tp:+RQCe+ern5llORQWErnlRQ3NEMZrn
          MD5:4C72D213D716A19BB305ECC2EF4ADF15
          SHA1:772A5DDEFC9438F2F6EAC00FAF4AE09B8C1B0875
          SHA-256:2750A2BD7693135BED30B875F63BE64E3915881E76FB79F00AD437269FC5D80B
          SHA-512:1CE3BB566D552D711A9B073784E0C984EC87141A0F49BB6395B8A8559728FB6E03A1BE57BFD97D5A29635731EE2E8EF6E3D84DEB9AB7EC7545807CA238C80C00
          Malicious:false
          Preview: 0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .Fh..4%/....."#.Dp.5..9.A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo......(...........0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .....4%/....."#.DJ....9.A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo......\.=.........0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ...6.4%/....."#.D.>n..9.A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo......$7:X........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):420
          Entropy (8bit):5.616693422736673
          Encrypted:false
          SSDEEP:6:moXXYOFLvEWdENUAuHC3lyC8n1TK6tZLYoXXYOFLvEWdENUAum/syC8n1TK6t:xhRTFC3l7QPjhRTU/s7Q
          MD5:443644A8E52E5FD6B576241C3092D5B3
          SHA1:7317B5DB795721CB27E7F2449C89649717A0FDBB
          SHA-256:AAD3B7D575226B1232F8F5F671F982B99C6853E2C87E97E98840EFC50FB51EEF
          SHA-512:DC47EB185D956FFCBC77582F07696A59A91F10E73FB78042FE7EAA7E57621F18331559745BEDFEBEAA04913B23CAF8D2AA6DDEFB3D15FB1B6BE95CD8C4B17AC1
          Malicious:false
          Preview: 0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js .....4%/....."#.D.2...9.A8.../...;.\\o....1..........+..A..Eo...................A..Eo..................0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js ..m1.4%/....."#.DR'M..9.A8.../...;.\\o....1..........+..A..Eo...................A..Eo..................
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):884
          Entropy (8bit):5.659319432506767
          Encrypted:false
          SSDEEP:12:nRrROk/Ve0m+dRrROk/V6z1aSTmGRrROk/V0em4dRrROk/Vqprm:nPJ/EJ+dPJ/Yz1ZyGPJ/q/oPJ/opK
          MD5:A494A722FA658819FB0B3872669D813A
          SHA1:636245E0D687DBAE26584CE61D9DE0B8DB41A0C3
          SHA-256:FF484119E4729D451629BCCA12661280CA654A0E25DC0E740790D826EF4790A9
          SHA-512:A8C13551ECC1BD580320B4C41055893FFD1E25EAA42A22C28FE1EA04AB44768E4089C98C96E20FCFCC01106C1E7B84BCACDFA1AB193614091DC3932849B2753D
          Malicious:false
          Preview: 0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ....4%/....."#.DXX...9.A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo......yA..........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .@...4%/....."#.Dg~...9.A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo.........b........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ..*..4%/....."#.D.F...9.A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo........I&........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .....4%/....."#.D..A..9.A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo.......*..........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):420
          Entropy (8bit):5.61248295940122
          Encrypted:false
          SSDEEP:6:mZ/lXYOFLvEWdccAWuAT373Adm9741TK6tZZ/lXYOFLvEWdccAWu171Adm9741T3:qxRcyT373Adu7EDxRcL1Adu7EF/
          MD5:E0DA4F54323274D64855720400A8C5D7
          SHA1:150C4BEF5DFD54A5EC462BB3C8103EFFD784ACFF
          SHA-256:03120D5CE63C5AE92F2FE178C76FD8ACBD8A54328EF0DCC3F506C4D4A8EDA285
          SHA-512:48D10F4DB19CA1BBF435491300D43D5E838BB83344D9ADEE9C59A80EF6C9BD6EE4421E99CFC77BED23CC5E21585BCE595BE4D43701E667CB7B7B48DA2D559366
          Malicious:false
          Preview: 0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js .E...4%/....."#.D.1,..9.A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo......g...........0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ..-4.4%/....."#.D..Y..9.A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo......N.1.........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):408
          Entropy (8bit):5.591946219163988
          Encrypted:false
          SSDEEP:6:mMOYOFLvEWdwAPVuqAekCcJn1TK6tE2MOYOFLvEWdwAPVuklAeizcJn1TK6tg:2R1seILDR1nlAeFLO
          MD5:4CF5B423FD2F44DA229B4B111A352F33
          SHA1:AF894F79498BF33F4B14BE054FF897529DE0081D
          SHA-256:EEB69B34BC4B023DF7A7FFAE017B53E989A8E426B16C0C6830F295AC5EC5AC9C
          SHA-512:18E1858F903FDE8A6A55A93D80B22CEC6E1845FD4EE4E4D4E41256B763B6401F00A7C20241297E62F18149BF88D1979502A6B8DA2DCEC21923A23B58DD8E1DD7
          Malicious:false
          Preview: 0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js .....4%/....."#.D.....9.A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo........{........0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ..j1.4%/....."#.Dt.M..9.A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo.......as.........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):424
          Entropy (8bit):5.679519096115818
          Encrypted:false
          SSDEEP:6:m3PXYOFLvEWdBJvYQGxtYbzhcsBXIh1TK6tY3PXYOFLvEWdBJvYQzbzhcsBXIh1n:mxRBJQvxtKDB0KxRBJQAbDB0N
          MD5:E5F5C941F594A7E69E891F0F7C1A550A
          SHA1:BEC6DB993E8358B993B427034504B2DC494E4A39
          SHA-256:8ADCA0FE8428E7CA899CF2A46C81669540349DD6D6ACE33B91AFFCB1A519076B
          SHA-512:748C7E65179DED77A4A694EC6EA4F66270601490E017D1EB5CBE1BF66D3FB925684AC7C6514790262E3463965B42ED730A46DC825F236E4016773E03D0C602C3
          Malicious:false
          Preview: 0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js .8...4%/....."#.D..+..9.A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo......b.:.........0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ...6.4%/....."#.Dh.d..9.A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo......].c.........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):912
          Entropy (8bit):5.6514223552313725
          Encrypted:false
          SSDEEP:24:3PJ/KCCOvPJ/vXmqPJ/qiNqy2HPJ/yS3vI:/JdCOnJn2GJCgCJp/I
          MD5:90013ED928FD2464F4A51D349832A115
          SHA1:8F26DFEE567C4E5E9948FBDB111305ADD9F9EDE0
          SHA-256:771D92F0EB18FC81BFC6928ACB3A70F8D5A2A9FDA8A58DF62F62512442E78427
          SHA-512:5635BBEAD8F1F126821FB1C76FB126F8A78188515438989085B7E5F53AD8DABC650936521CB076AE1D1120E5EA2E4421B08D23ED63C4884EAE9FE767A6B776EF
          Malicious:false
          Preview: 0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ....4%/....."#.D.....9.A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo........:.........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .- ..4%/....."#.D.'...9.A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo......(...........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ..,..4%/....."#.Dg...9.A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo........?.........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .....4%/....."#.D..A..9.A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo......_\..........
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):2064
          Entropy (8bit):5.274755366501211
          Encrypted:false
          SSDEEP:24:Mfg1zZFufGMisp6r6C9QPdsrdQXVBjMlFKiTK1BcSCOn:h1zZ4+dsp6brdQP6FKRBJn
          MD5:8C41D8FAC51A3CAF1ACC407517FB25DE
          SHA1:F5E65C4DA33C877404CB5C38EC9DEE57E865D2C3
          SHA-256:012EDC64F741708C9E766C8F8D55BC191293A7691CFF67454A0552B1AE6C8AEC
          SHA-512:4585E5CC5531D321DAE3C1E570BDE3872868B139905D04EE81A5C8D147566974295DE63BC7157681C93D20736B68BF8D4851B487C62DEBE2B6C2988B63AD6544
          Malicious:false
          Preview: ....h...oy retne....'........'............;.y~A..z.B_./...........*...z.B_./..............oB*.8.B_./............#...(...A_./.............k7A..z.B_./.............D.4..z.B_./..........[.i..%..z.B_./.........<...W..J.8.B_./.........,+..._.#.z.B_./..........J..j....z.B_./...........6<|....8.B_./.........A?.2:...z.B_./..........+.{..'.z.B_./.........*)....J:.z.B_./...........2q.....z.B_./...........P....V.z.B_./.........+.U.!..V.z.B_./............P[. q.z.B_./.........!...0.o.z.B_./..........u\]..q.z.B_./.................z.B_./...........*.....z.B_./..........o..k...z.B_./.........^.~..z..z.B_./.............o..z.B_./.........Gy.'.h..z.B_./.........F..=z;..z.B_./...........3....z.B_./..........v...q...8.B_./..........C..M.....A_./...........a.....8.B_./..........~.,.4>..z.B_./..........&.S.....z.B_./..........@..x..z.B_./.........=....m...z.B_./..........;/....z.B_./..............q..z.B_./............MV3...z.B_./.........:..N.A...z.B_./............B_./.0.....poy retne
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.204888839899835
          Encrypted:false
          SSDEEP:6:m9FyKt+q2PWXp+N2nKuAl9OmbnIFUtpgFwoJZmwPgFwo9VkwOWXp+N2nKuAl9Omt:K9ovaHAahFUtp6wm/P6wa5fHAaSJ
          MD5:D9E8833F9ABEF5898C45DD34EDD3DB8B
          SHA1:4B81B83EEB167F9711A56B744958FCD8CED1B352
          SHA-256:45B201C8CED292BE1A3E77D3C08DE87D580D48A2EA12D83FB9848E75A1593752
          SHA-512:96920DEDA11733AF3AFA34BAE49A9E066C0CC68BC2633C583380C9F16B7BF58DE1CA5F9E0B828C25DE50E6C47529BF21520DB45F9832C1DEBE84E3F50DE299EC
          Malicious:false
          Preview: 2021/07/08-08:55:10.884 728 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2021/07/08-08:55:10.886 728 Recovering log #3.2021/07/08-08:55:10.886 728 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):1703936
          Entropy (8bit):0.009125983993014569
          Encrypted:false
          SSDEEP:48:TGEiaGEiCsMiCsMiCsMi9sMhCAsMhCrNsMhCrNsMhCrNsMhCr+sMhCDo+sMhCDoo:JKKKnonono
          MD5:21F68B1F50AA5D43174D8ED779840C7D
          SHA1:08E36AFE4C42D559A619CECC819124938E029F8B
          SHA-256:97E0764C48F77E1FA0776A86491A93F132964269B56AF61948844E2F4AF12729
          SHA-512:4572C862C22237B53123F47FDFD3841602AFBC65844DFFA6B5D0CB6F89F035E54FE2E6584A1D223F68470F6E780ECE4D38C3AAE57F907FB71804EB06BD6BDF5B
          Malicious:false
          Preview: VLnk.....?.......Tq.>..j................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-210708155504Z-269.bmp
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32
          Category:dropped
          Size (bytes):65110
          Entropy (8bit):1.7062777821655342
          Encrypted:false
          SSDEEP:192:SqRdgBA7Nmz6aTDWDmkxBb6iVEDwRFvRx+FOmH0FL:Sz4m1Em8BmrCvRx3L
          MD5:12E1B6F3ED296056272AC6C47C05D926
          SHA1:A87340000E55F8DA215A5B134FC06D0967076E81
          SHA-256:708936B9E8AC0B6F5B2FFCEB980A93882D791C5038B1875684F5D441D513BF9B
          SHA-512:4C41E7821EFF8D859865606E40421D463959665707788AB5EAA35D3B261BB4F6176CC59C27FB3C704EC20DB444B538D45290AA205681D3EBD2A2C6245B8E1980
          Malicious:false
          Preview: BMV.......6...(...k...h..... ..........................R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...o+......................................................................................................................................................................................................................................................................................................................................................R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R..........................................................................................................................................................................................................................................................................................................................................................R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...R...g........
          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          File Type:SQLite 3.x database, last written using SQLite version 3024000
          Category:modified
          Size (bytes):32768
          Entropy (8bit):3.38567237742186
          Encrypted:false
          SSDEEP:96:iR49IVXEBodRBkQ7OhFVCsL49IVXEBodRBkRi7OhAVCs749IVXEBodRBkli7Oh6h:iGedRBtedRBQedRBMedRBN
          MD5:3E6EDADAD757B33E8F6E474B759AC0E2
          SHA1:EC65342A3C924890E266ADCA7544A5868EA9EEB7
          SHA-256:44282D2350E4B0C8AED0F1D1477BECC7BEF065F2799A5CD5E209D43886F9F973
          SHA-512:41411E647C1AD7A41BE102F52E73E42DBD61491C4D39573B0411F64C34615380857D59DEA90009B586A4C319C2989002CFC721240E335B13B289D47EC1A1D110
          Malicious:false
          Preview: SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
          Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          File Type:data
          Category:dropped
          Size (bytes):34928
          Entropy (8bit):3.199049443346944
          Encrypted:false
          SSDEEP:96:t7OhFVCPBn949IVXEBodRBkt7OhFVCsnLR49IVXEBodRBkti7OhAVCsWd49IVXEp:t9niedRB1LGedRB2CedRBqByedRBP
          MD5:D9DF457216F1BBE3D1B68B3DFF7FD3BC
          SHA1:5AE1DEF7EE2177169B04CCDCE25B738A2A1417D6
          SHA-256:309521661931314D185301F14E6F53F212CCD60139332D6767EAD13C6A561A95
          SHA-512:5DF669265ABFD5614C4F40ADF8B5F5F0E03A4EAEDBEFB24CFF974AFC669A3E11777B852AF497FAAE6B0D5A3BC981E9CD1609BC5FDBF339B5E9B4B36CBE53969F
          Malicious:false
          Preview: ............K(.2...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................X...h...y................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          Static File Info

          General

          File type:PDF document, version 1.7
          Entropy (8bit):7.999422424317987
          TrID:
          • Adobe Portable Document Format (5005/1) 100.00%
          File name:Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdf
          File size:1085126
          MD5:8a4d106bd7cd93b824ec43a6a9cf9f17
          SHA1:1f3daae06de076de26185d672e25d1582aeee782
          SHA256:25b7c93267473fb47e7befc85ac810fe5b89d6f9b8c2bcfb91d3436800fdf27b
          SHA512:9d08df6e132869d31d1bf493fd8995bff919e23493b08bc4009d0826e7e593fc48f3cdb16a975c690311f8ebccdc3237cd3ef46e9b98b9871f3f295554e6c4b1
          SSDEEP:24576:rXAOXSfvnkn83+i70T+GcrlQCFsP4/puW+CGu6xoAN2JZ:LSnn483r3GP4/QW+/pHNeZ
          File Content Preview:%PDF-1.7.%.....7 0 obj.<< /Type /Page /Parent 1 0 R /LastModified ("".....s.M.c..!..M'...\)) /Resources 2 0 R /MediaBox [0.000000 0.000000 3855.118110 5442.519685] /CropBox [0.000000 0.000000 3855.118110 5442.519685] /BleedBox [0.000000 0.000000 3855.1181

          File Icon

          Icon Hash:74ecccdcd4ccccf0

          Static PDF Info

          General

          Header:%PDF-1.7
          Total Entropy:7.999422
          Total Bytes:1085126
          Stream Entropy:7.999696
          Stream Bytes:1079843
          Entropy outside Streams:0.000000
          Bytes outside Streams:5283
          Number of EOF found:1
          Bytes after EOF:

          Keywords Statistics

          NameCount
          obj23
          endobj23
          stream9
          endstream9
          xref1
          trailer1
          startxref1
          /Page1
          /Encrypt1
          /ObjStm0
          /URI2
          /JS1
          /JavaScript0
          /AA0
          /OpenAction1
          /AcroForm0
          /JBIG2Decode0
          /RichMedia0
          /Launch0
          /EmbeddedFile0

          Network Behavior

          Network Port Distribution

          UDP Packets

          TimestampSource PortDest PortSource IPDest IP
          Jul 8, 2021 08:54:48.295965910 CEST5754453192.168.2.38.8.8.8
          Jul 8, 2021 08:54:48.352835894 CEST53575448.8.8.8192.168.2.3
          Jul 8, 2021 08:54:49.030129910 CEST5598453192.168.2.38.8.8.8
          Jul 8, 2021 08:54:49.087971926 CEST53559848.8.8.8192.168.2.3
          Jul 8, 2021 08:54:49.124699116 CEST6418553192.168.2.38.8.8.8
          Jul 8, 2021 08:54:49.170941114 CEST53641858.8.8.8192.168.2.3
          Jul 8, 2021 08:54:49.871629000 CEST6511053192.168.2.38.8.8.8
          Jul 8, 2021 08:54:49.921405077 CEST53651108.8.8.8192.168.2.3
          Jul 8, 2021 08:54:50.865833998 CEST5836153192.168.2.38.8.8.8
          Jul 8, 2021 08:54:50.915371895 CEST53583618.8.8.8192.168.2.3
          Jul 8, 2021 08:55:00.313437939 CEST6349253192.168.2.38.8.8.8
          Jul 8, 2021 08:55:00.370907068 CEST53634928.8.8.8192.168.2.3
          Jul 8, 2021 08:55:01.457237005 CEST6083153192.168.2.38.8.8.8
          Jul 8, 2021 08:55:01.506386042 CEST53608318.8.8.8192.168.2.3
          Jul 8, 2021 08:55:02.580524921 CEST6010053192.168.2.38.8.8.8
          Jul 8, 2021 08:55:02.629810095 CEST53601008.8.8.8192.168.2.3
          Jul 8, 2021 08:55:04.660367966 CEST5319553192.168.2.38.8.8.8
          Jul 8, 2021 08:55:04.709294081 CEST53531958.8.8.8192.168.2.3
          Jul 8, 2021 08:55:07.173755884 CEST5014153192.168.2.38.8.8.8
          Jul 8, 2021 08:55:07.231868029 CEST53501418.8.8.8192.168.2.3
          Jul 8, 2021 08:55:13.079545975 CEST5302353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:13.081022978 CEST4956353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:13.135461092 CEST53530238.8.8.8192.168.2.3
          Jul 8, 2021 08:55:13.140556097 CEST53495638.8.8.8192.168.2.3
          Jul 8, 2021 08:55:13.234358072 CEST5135253192.168.2.38.8.8.8
          Jul 8, 2021 08:55:13.281527996 CEST53513528.8.8.8192.168.2.3
          Jul 8, 2021 08:55:14.086354017 CEST4956353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:14.089557886 CEST5302353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:14.149374962 CEST53530238.8.8.8192.168.2.3
          Jul 8, 2021 08:55:14.149403095 CEST53495638.8.8.8192.168.2.3
          Jul 8, 2021 08:55:15.101504087 CEST5302353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:15.101696968 CEST4956353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:15.158057928 CEST53530238.8.8.8192.168.2.3
          Jul 8, 2021 08:55:15.163475037 CEST53495638.8.8.8192.168.2.3
          Jul 8, 2021 08:55:15.184422970 CEST5934953192.168.2.38.8.8.8
          Jul 8, 2021 08:55:15.240231991 CEST53593498.8.8.8192.168.2.3
          Jul 8, 2021 08:55:17.106215000 CEST4956353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:17.106275082 CEST5302353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:17.157921076 CEST53495638.8.8.8192.168.2.3
          Jul 8, 2021 08:55:17.165904999 CEST53530238.8.8.8192.168.2.3
          Jul 8, 2021 08:55:20.847451925 CEST5708453192.168.2.38.8.8.8
          Jul 8, 2021 08:55:20.896436930 CEST53570848.8.8.8192.168.2.3
          Jul 8, 2021 08:55:21.107383013 CEST5302353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:21.109946012 CEST4956353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:21.161787987 CEST53530238.8.8.8192.168.2.3
          Jul 8, 2021 08:55:21.167002916 CEST53495638.8.8.8192.168.2.3
          Jul 8, 2021 08:55:21.931644917 CEST5882353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:21.986309052 CEST53588238.8.8.8192.168.2.3
          Jul 8, 2021 08:55:23.837109089 CEST5756853192.168.2.38.8.8.8
          Jul 8, 2021 08:55:23.903742075 CEST53575688.8.8.8192.168.2.3
          Jul 8, 2021 08:55:25.134238958 CEST5054053192.168.2.38.8.8.8
          Jul 8, 2021 08:55:25.190437078 CEST53505408.8.8.8192.168.2.3
          Jul 8, 2021 08:55:27.175671101 CEST5436653192.168.2.38.8.8.8
          Jul 8, 2021 08:55:27.221648932 CEST53543668.8.8.8192.168.2.3
          Jul 8, 2021 08:55:28.186556101 CEST5303453192.168.2.38.8.8.8
          Jul 8, 2021 08:55:28.241244078 CEST53530348.8.8.8192.168.2.3
          Jul 8, 2021 08:55:40.801423073 CEST5776253192.168.2.38.8.8.8
          Jul 8, 2021 08:55:40.873991966 CEST53577628.8.8.8192.168.2.3
          Jul 8, 2021 08:55:42.510607004 CEST5543553192.168.2.38.8.8.8
          Jul 8, 2021 08:55:42.566596985 CEST53554358.8.8.8192.168.2.3
          Jul 8, 2021 08:55:47.871310949 CEST5071353192.168.2.38.8.8.8
          Jul 8, 2021 08:55:47.920085907 CEST53507138.8.8.8192.168.2.3
          Jul 8, 2021 08:55:48.782264948 CEST5613253192.168.2.38.8.8.8
          Jul 8, 2021 08:55:48.830034971 CEST53561328.8.8.8192.168.2.3
          Jul 8, 2021 08:55:57.930440903 CEST5898753192.168.2.38.8.8.8
          Jul 8, 2021 08:55:57.994101048 CEST53589878.8.8.8192.168.2.3
          Jul 8, 2021 08:56:02.005471945 CEST5657953192.168.2.38.8.8.8
          Jul 8, 2021 08:56:02.064380884 CEST53565798.8.8.8192.168.2.3
          Jul 8, 2021 08:56:33.087569952 CEST6063353192.168.2.38.8.8.8
          Jul 8, 2021 08:56:33.160883904 CEST53606338.8.8.8192.168.2.3
          Jul 8, 2021 08:56:34.348231077 CEST6129253192.168.2.38.8.8.8
          Jul 8, 2021 08:56:34.419392109 CEST53612928.8.8.8192.168.2.3

          Code Manipulations

          Statistics

          CPU Usage

          Click to jump to process

          Memory Usage

          Click to jump to process

          High Level Behavior Distribution

          Click to dive into process behavior distribution

          Behavior

          Click to jump to process

          System Behavior

          General

          Start time:08:54:54
          Start date:08/07/2021
          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          Wow64 process (32bit):true
          Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdf'
          Imagebase:0x930000
          File size:2571312 bytes
          MD5 hash:B969CF0C7B2C443A99034881E8C8740A
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:moderate

          General

          Start time:08:54:55
          Start date:08/07/2021
          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          Wow64 process (32bit):true
          Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Operating a hospitality business in a COVID-19 environment_Certificate of completion.pdf'
          Imagebase:0x930000
          File size:2571312 bytes
          MD5 hash:B969CF0C7B2C443A99034881E8C8740A
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:moderate

          General

          Start time:08:55:03
          Start date:08/07/2021
          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Wow64 process (32bit):true
          Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
          Imagebase:0xbd0000
          File size:9475120 bytes
          MD5 hash:9AEBA3BACD721484391D15478A4080C7
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:moderate

          General

          Start time:08:55:06
          Start date:08/07/2021
          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Wow64 process (32bit):true
          Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12362944656118107355 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12362944656118107355 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
          Imagebase:0xbd0000
          File size:9475120 bytes
          MD5 hash:9AEBA3BACD721484391D15478A4080C7
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:moderate

          General

          Start time:08:55:08
          Start date:08/07/2021
          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Wow64 process (32bit):true
          Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=8489781687595542147 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
          Imagebase:0xbd0000
          File size:9475120 bytes
          MD5 hash:9AEBA3BACD721484391D15478A4080C7
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:moderate

          General

          Start time:08:55:12
          Start date:08/07/2021
          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Wow64 process (32bit):true
          Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17384072550564997965 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17384072550564997965 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
          Imagebase:0xbd0000
          File size:9475120 bytes
          MD5 hash:9AEBA3BACD721484391D15478A4080C7
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:moderate

          General

          Start time:08:55:14
          Start date:08/07/2021
          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Wow64 process (32bit):true
          Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8027345025244038801 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8027345025244038801 --renderer-client-id=5 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
          Imagebase:0xbd0000
          File size:9475120 bytes
          MD5 hash:9AEBA3BACD721484391D15478A4080C7
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:moderate

          General

          Start time:08:55:16
          Start date:08/07/2021
          Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Wow64 process (32bit):true
          Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1620,5906189657434163320,668840119143517484,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17885131697990081341 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17885131697990081341 --renderer-client-id=6 --mojo-platform-channel-handle=2160 --allow-no-sandbox-job /prefetch:1
          Imagebase:0xbd0000
          File size:9475120 bytes
          MD5 hash:9AEBA3BACD721484391D15478A4080C7
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:moderate

          Disassembly

          Reset < >