Edit tour

Windows Analysis Report
Send for Peter Bayliss.msg

Overview

General Information

Sample Name:	Send for Peter Bayliss.msg
Analysis ID:	756112
MD5:	7aee648f7e5934f4fd9738292ce01721
SHA1:	b0da84770c7cf47d5f6d09fbecf6e0ba7f11f314
SHA256:	a1e682ff53fb34ac511a618c6add7c26c6000f86a7e31c129e4772179310295e
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 6624 cmdline: C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Send for Peter Bayliss.msg MD5: CA3FDE8329DE07C95897DB0D828545CD)

AcroRd32.exe (PID: 6900 cmdline: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\R172JYD4\Peter Bayliss 273238652.pdf MD5: 0EAC436587F5A1BEF8AEB2E2381D2405)

RdrCEF.exe (PID: 6440 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 4AC861CBCAFA331A72C04BF35AE792E3)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20221129T1644340163-6624.etl

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: classification engine

Classification label: clean0.winMSG@12/56@0/1

Source: unknown	Process created: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Send for Peter Bayliss.msg
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\R172JYD4\Peter Bayliss 273238652.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.7052

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	2 System Information Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	756112
Start date and time:	2022-11-29 16:43:59 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Send for Peter Bayliss.msg
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.winMSG@12/56@0/1
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .msg

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, usocoreworker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 88.221.168.141, 2.19.126.92, 2.19.126.76, 23.54.113.182, 107.22.247.231, 18.207.85.246, 34.193.227.236, 54.144.73.197, 2.21.22.179, 2.21.22.155
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, client.wns.windows.com, fs.microsoft.com, odc.officeapps.live.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, p13n.adobe.io, acroipm2.adobe.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	205
Entropy (8bit):	5.603584086021357
Encrypted:	false
SSDEEP:	3:m+lvns8RzYOCGLvHkWBGKuKjXKLNjKLuVI/NcM0hyRktG/iTFJrqzOJkvP5m1:men9YOFLvEWdM9QWt6i7Z+P41
MD5:	A60104E0D9BEBFAFF9E6A02277BC619E
SHA1:	B8A021B6A86097999BAE8BB6E5E8D4C1A01011F7
SHA-256:	687ED671E22961560AD2199D786C9737581761D412CC05E853F93A10850323E4
SHA-512:	C0C7336805566EDD6E5AF1C3B6F4160E157D336FFD2591389887C569AD5501C62E53E8A2CFE6C5E0B6CA785E6197A38E9BF362910F4FB90E855DF9705C054A26
Malicious:	false
Reputation:	low
Preview:	0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ....'4M/......*.WyQ@...A.A..Eo.........s............d.{v.^.G...d.W.:...P..k%..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	174
Entropy (8bit):	5.511130250091965
Encrypted:	false
SSDEEP:	3:m+lF9NX6v8RzYOCGLvHktWVzvKqMdoyRktrlW98fZe/O+/rkwGhkg4m1:mi9NqEYOFLvEkZvK/dat88Be7Ywcr1
MD5:	EE94B06144904009CB5659B80F9B76AA
SHA1:	A1802A6630298C38F33B9079B46FFE11B6D0F6F8
SHA-256:	4D5E9A86FA6C3206C1F9076ACBA6F60AE8AE0707404053FE18D1F09DAB8AE97B
SHA-512:	2CCBDD2573B5B3F47F9CF26F3593D5ED9D7D09B00D6C1E7FB2136ADF5B381E14BD9E6FE646B3EFF6FA53815DAC4A48AFBECA2E2C45B239972369A86CE3811782
Malicious:	false
Reputation:	low
Preview:	0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ...'4M/.........?...A.A..Eo.........x.........1.x.'.vI..\|Z..o...+.4....0..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	246
Entropy (8bit):	5.598617894171989
Encrypted:	false
SSDEEP:	6:mMyEYOFLvEWdVFLBKFjVFLBKFlQhuBQtU4t/RlUoSjGY1:DyeRVFAFjVFAF1QjtZlUo6
MD5:	FAAAF321E1E13D575529F8B986FAAE02
SHA1:	D24A09D06394AB721C1B804D688653E7CBA68E2D
SHA-256:	43176D88CEE60671471BCFC90B4494B48EFFFA5295F0F811B660648EB65D0E1A
SHA-512:	62166091FF545F344E3EC3053C245E05BA561E85853324492486A6DF2F9E0ABA016A3C2BD8BE50FFAB5C0FBFA8E3A44EAE3F855B6C3346C34AF823F5350DD62C
Malicious:	false
Reputation:	low
Preview:	0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js .G..'4M/.......F.D@...A.A..Eo......H.............hvDO.N.t@.....n....... ....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.674129784204191
Encrypted:	false
SSDEEP:	6:mNtVYOFLvEWdFCi5Rs4UvEfatnFbuiWulHyA1:IbRkiDP2EfafbjWus
MD5:	B5884DFD9042445C4D528315A782FA52
SHA1:	D24736D09AC9B518DC2BBF8928B63C438DDB834C
SHA-256:	CD7EFBB1973005B992DA2E0081B7BCC5AF4C179106E9E0C7019EE16F35F3C68E
SHA-512:	C689D56ED408C89E2864EDDF299BA09E259D8B96C04F919D23AD978799177DFF8D5CE65A51C504783F36D17E8411813335EDB6275E678BF1FB97EEE1837EB30F
Malicious:	false
Reputation:	low
Preview:	0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ....'4M/......*..V.?...A.A..Eo......c.............8 P..a...R..Y....7.@..2Dm{..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.540250433492736
Encrypted:	false
SSDEEP:	6:m+yiXYOFLvEWd7VIGXVuXU/kt5Vyh9PT41:pyixRuhgkvV41T
MD5:	197F13FEC0ECBDA127D0648D8F2C9883
SHA1:	35183BF53F634548915B562A87A57841E341A33A
SHA-256:	1EC4A9A2DE6764BE0D3A7DC7AA6E816DA8D395C790B81B49F4E05053DDFE3BC7
SHA-512:	633A965ECF4BDC13D2223D5C9F68C227D0E9C3CC6DC2BEF6CC645FF7762E0D77F97763D811F5B45D706CEF993C3F0A8DD3327C2DDF1F88AF1288B4E249BF37A0
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ..n.'4M/......*..^F@...A.A..Eo........._........k.Q.....-_..y.....O...>..1....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.643661272748334
Encrypted:	false
SSDEEP:	3:m+lifll08RzYOCGLvHkWBGKuKjXKoyNjXKLuVC2i/yRkt4xThlYo2sZI8xeGvP5y:mvYOFLvEWdhwjQ52+tqT3ZIl6P41
MD5:	9434C61DE0B5EA545E24C2D5C0401607
SHA1:	59205F144B1F1FFD6C7E303F5874B27751137B6D
SHA-256:	B190C9D6D4112909B45DE9F5034208FE29763C6461B43E5B07982928A9DABB0F
SHA-512:	33B808E8A2526958529B4ED82EC3B210873329A87FE37049E72F3A822BAE7353911B0808F4B9E990DCBF2CF845B3EAAB3955392AB6311BA7B74E9BAF35B865E2
Malicious:	false
Reputation:	low
Preview:	0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ....'4M/......*...5@...A.A..Eo......{..F.........].>....uUf..N...k......c..l.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	modified
Size (bytes):	209
Entropy (8bit):	5.538288011326273
Encrypted:	false
SSDEEP:	3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuVQ1mlcAyRktuVcyxMtv9EWm1:mJYOFLvEWdGQRQOdQWjtaD6g1
MD5:	6838E80ABBDA121A8BD013C13528472E
SHA1:	18485ADC12328D6B65B125C815A28F9EFFBB77B8
SHA-256:	0771923851562F53BF5B8930E21C2E56601BC5F70BC4F240017EC323D7323A24
SHA-512:	A85C3984100BC7746BF0BE3824938EE9DD05955F21A9F35548A3E0FF414F5BFC4DA9F5504CFE284AC092F5116BC383907DF03687798F19BDA324B49BB7A8E12E
Malicious:	false
Reputation:	low
Preview:	0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js ...'4M/......*./.F@...A.A..Eo....................c..y/L....\|y.n..C/I.....X7-ne.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.5283094125069
Encrypted:	false
SSDEEP:	3:m+lLp08RzYOCGLvHkfaMMuVPl1kMoyRktc9tNQMWqg4nRb7om5m1:mOYOFLvECMLcMatE2uR/41
MD5:	11F2BCF9345ED60202E876F7C1F6657F
SHA1:	92347DF1552AFF43A5C5AA57486BAE42E41B0A96
SHA-256:	CB0C949DD4E8D5D692B60EC009DDF83453B1A00A038E30E05189FBEC1A097B0C
SHA-512:	A91BC128F5CDCA6C3247F201A510EA2384D51CC9C30F46587192F97D84A04608BA443820B09BA57FFB39F6FEBCD2EDF7DE00868E5E5B90686F6B103F7420EC96
Malicious:	false
Reputation:	low
Preview:	0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ..d.'4M/......*....?...A.A..Eo.......YoG.........y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	177
Entropy (8bit):	5.497812608563042
Encrypted:	false
SSDEEP:	3:m+l64HXlA8RzYOCGLvHkjXMLOWFvlClFGGoyRktt+d1dn76KohyP5m1:md4HXXYOFLvEjMSWFvglEGat0jUdyP41
MD5:	AF1A5C18D31352223A761CC5BF33EF35
SHA1:	A3AD07E6F0F89F3B391ACFAE63E1D741F063B1C2
SHA-256:	45143E930D3FE1228BE628098AD7CAE5818A24FEE2706FCA39A0E8973B6E865D
SHA-512:	94E16EDBCA4F4B49D2B0728E97477D0BD6392DC0857D2E743724A39C3C9E9869B23ADD46838B72A0EA973A0A00B28821B7E125A5C78965EC4187C847A1C1E80E
Malicious:	false
Preview:	0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ....'4M/......*....?...A.A..Eo.........?.........PU ....t^.....a.k..u.7.M.BW6#}..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.614566642248509
Encrypted:	false
SSDEEP:	6:msNXYOFLvEWdpJWNKjQNrStvo8E+IUGkA1:BjRpJWNKjVK8NID
MD5:	79567DDE1A1FA357DC51D981781AF246
SHA1:	67E19A44615AECB31B701B60DFA991116A37DC1E
SHA-256:	4BD7404D746FA790E1CB5E52FFD3DDBE0C6FD2A912B9F999E229A75B927E78CB
SHA-512:	B9E29E049A8E7AF069E154DDF5D87FB6729ECCF90A77FF4137D882C882A453278D98B254DA1F361E4A0B696C92950CC54D401AF3A2055CABDC8DAAA06F476F5D
Malicious:	false
Preview:	0\r..m......S...9O......_keyhttps://rna-resource.acrobat.com/static/js/plugins/unified-share/js/plugin.js ....'4M/......*...<@...A.A..Eo........#..........e.....@-H.>a..o..sh.5.A.x..C..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	187
Entropy (8bit):	5.547910091960451
Encrypted:	false
SSDEEP:	3:m+lpSUlIv8RzYOCGLvHkWBGKuK2fKVLFarES0hyRktyHtjUPqf9tsDMaPV44m1:mkl9YOFLvEWsfOLTSQtyNoPqVyM+VY1
MD5:	33DF68F8F4FE1B2B93A27951094DCD6D
SHA1:	F49062F036239DF95B884EE25F5D6896F965B2BB
SHA-256:	032F534925CBFFBC185394791484A59CEEE8B4DBF1402F6E0F0716BF26B18892
SHA-512:	A1CCE1F52F078A2B8C7D496847AD2B08E8399A7F78B8E6D3D535E2F4670A7C3D3FB570E256D7B5BCF26E954E4E019BD02AB618479F58480A6775CDDAB0E84E8D
Malicious:	false
Preview:	0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .D.'4M/......*.@.!@...A.A..Eo.........w..........q.O...j....._y..L^z...?..@N..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	244
Entropy (8bit):	5.612310622279349
Encrypted:	false
SSDEEP:	6:mt9YOFLvEWdVFLBKFjVFLBKFlygVQtItwSeKaT9pr1:URVFAFjVFAF9KetwSeKaTL
MD5:	19214AA7999D29EE3834114F302E1404
SHA1:	1250D3D44AA7E96CDB5B26505E381F017635FC36
SHA-256:	DB8B8B2E92146DE31F430EA290F8D4E098EFC65D11F3839155A191F193450263
SHA-512:	2306199236365845E1AD80B312B4C16821E2577A3667AFE464992B2B7909729075635D0A7335CBF1BE87418027CADEAAD60EC981FE489E2E86813252B7E48011
Malicious:	false
Preview:	0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ..'4M/........FM@...A.A..Eo......)................H...{...2../.k`..r4.C. .A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\64766d63a539c3ca_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.615546963093604
Encrypted:	false
SSDEEP:	3:m+lUZHWK8RzYOCGLvHkWBGKuKjXKKINiB4KPEEKPWFvolK/VdoyRktk8m01iwIQi:m8nYOFLvEWdfNBHYuB/atk8m0kwU1
MD5:	83624C19FE408487808928F55C8841C1
SHA1:	4451EF89087FAC790D016164B670298EA5BCDFF0
SHA-256:	49851A12DEBFCF86971B8C6AEB309E0A2DD44B05FCE7528E3FC31BE5DFDB1CBA
SHA-512:	F172E5EC3A57DAF3946FEBE7040AC9040A412BC89A606A7D72E0C2F832B8CF230D84DAE674BB80F4E14DAB2D8C7396738B17FA0A743FBE6AFB645E5242330421
Malicious:	false
Preview:	0\r..m......T....."....._keyhttps://rna-resource.acrobat.com/static/js/plugins/task-handler/js/selector.js ...v'4M/......*...J?...A.A..Eo......................8U-....a=...`#..VT.k......A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.494236945989876
Encrypted:	false
SSDEEP:	6:ms2VYOFLvEWdvBIEGdeXu6ClMQtQX211:BsR2Ese+ljeX
MD5:	CF5E95A3D557EC58740B39E8CAB8230F
SHA1:	9AA90493603A41DE18667890223593D3E6522788
SHA-256:	2C9D636FB0778FA53ED25A534D13D3C8E573C841311C2C7D181758C26150C36F
SHA-512:	9B04309A382C5027C68A629790967AE42715BBCF007446999E54679D6077D2977A749C25BA7F0687F363E835E8567AB4A31B42D03A9CF5A9BC8A87B4F26E9569
Malicious:	false
Preview:	0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ..M.'4M/......*.x.E@...A.A..Eo......c............A.o]@r..Q.....<w.....].n\....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.641697303357163
Encrypted:	false
SSDEEP:	6:maVYOFLvEWdwAPCQHIxrtD1xm7OhKlvA1:RbR16dxrTxmJ
MD5:	2C67092037DF61CF1314A90AE1C3D2B7
SHA1:	8BED394DAC43CB9852187482899154196D7D30BE
SHA-256:	5B9D2E48430E6CF72C63300F1FB2CD9112CC1EC08938F95B70B304C065F91713
SHA-512:	70C4986BFCF7F0BFEABEE9009C2C996970BCB267A2E92EA1F92A3EEAB6B533EC4F9D43FB682A8E67D271E13CB3FA127DF6E9F0BE458624CE62329AB20B77DA15
Malicious:	false
Preview:	0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ..'4M/......*..}5@...A.A..Eo.......!............4T].....Tw.....(..b...EO....9.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.565707635380664
Encrypted:	false
SSDEEP:	3:m+lx2gv8RzYOCGLvHkWBGKuKjXKX7KoQRA/KWEKPWFvO1lYk9hyRktO4HltFdF5V:ms2gEYOFLvEWdGQRQVu8OQtFlPdFt1
MD5:	DBA8F0EAD3AF66467F855289BEB78B54
SHA1:	9D1613AD31F5DDE2942CDF455F91A661D152441F
SHA-256:	637AE61B73A43D855352BB003AA27F05257F0093AC84C37A2288E722911F9403
SHA-512:	E46B74A6929D4B0BD8ADB8AB5F531FFA256C514EB6BF465872233461794FCFF218010BBB40ACA8ECD23DD5DE4E83128C589DE64D3EE21D2468D60054413812CE
Malicious:	false
Preview:	0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js .y5.'4M/......*...E@...A.A..Eo.......P..........@..{o]...9o\|..qY....T....{..u.b..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.582239023762715
Encrypted:	false
SSDEEP:	6:m+8nYOFLvEWIAuELZRudyPGdtUN0KGkTqcY1:1StuEH2xCp
MD5:	E1978E7D3E7EF8A5718408475997B7E8
SHA1:	7D47625326A194E70BC1D4DEE446D1CC6311946F
SHA-256:	93F9031C2F134181F59152C7AA7C461222921FD2E47D4848603453208A1D4E3C
SHA-512:	CD52273C6D27999A5EC91A1D776984E38CE745A400BF8CBA087AF5A81F0FD678A897142E10108E268CCD9AFEFCB1ABED8E8A791CE32269D79230A747D19EF72E
Malicious:	false
Preview:	0\r..m......b.....6....._keyhttps://rna-resource.acrobat.com/static/js/libs/microsoftGraph/microsoft-graph-js-sdk-web.js .Xp.'4M/.......e..@...A.A..Eo......@.,U..............-.....5p9o..k#.}..6(..A...A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.622536802656
Encrypted:	false
SSDEEP:	3:m+l3Umv8RzYOCGLvHkWBGKuKjXKIMcWQAPKfKPWFvn0apyRktQ/lllR/xFzGogm1:mgEYOFLvEWdpJWNKyu1HtQ1R/xXj1
MD5:	979604FB7D02BE830AC0054117EA5D2D
SHA1:	6C185A8F53DF9AC7BE745E970201B7521ACE3D56
SHA-256:	1DE8715B698EA5EF7478395C82D5F3FDAA83E3198CC1D7666327C10EBB2E9A7E
SHA-512:	C52F31950BF093811E5617DBE4043E2072B89461DEE84531BE6A0EF91261C86188F315590B0E045762EA71BC60F6F02A92FF80E5B11B369DADFFC67370E92276
Malicious:	false
Preview:	0\r..m......U...r.L....._keyhttps://rna-resource.acrobat.com/static/js/plugins/unified-share/js/selector.js ..'4M/......*.`.5@...A.A..Eo......I..L.........U......&.Y\|.. . .&.............A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	206
Entropy (8bit):	5.554805268827072
Encrypted:	false
SSDEEP:	3:m+lerlyv8RzYOCGLvHkWBGKuKjXKX+IAHKLuVeDKBpG/yRktOvHl/l4EnNWQ1SUy:mzyEYOFLvEWdrIOQ1WmtOtGEt1S/1
MD5:	378D515EAEE8D64CDAB65A96348537E4
SHA1:	163F6BD1502AA2A6601D79118DEFB3A2EE15D44E
SHA-256:	224D09FBAAC4FC940533E473CFF13C6F94D50C64DE6FF83DEF76EC3A5FDCF5F2
SHA-512:	3BEB1C14D3F4DD6E12127E6B0BA8F53E9D7038948083BAA65C2B9DDF0818AE95F46F16A91C0DFC46512E00D7FD94D8A6820C069DB4800968BE483220CB157CAB
Malicious:	false
Preview:	0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .Q..'4M/......*...'@...A.A..Eo......Xo...........t\a......x5.'OuE.C..@......x..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.581660561689442
Encrypted:	false
SSDEEP:	3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFvEvl/yRktOqflSlwJNqww6U+5m1:mnYOFLvEWdhwyum9tOClSlwrqwK+41
MD5:	9ED4DE80D9B5CA1107B8C9572ECA883C
SHA1:	AC672D2A0AEC12ABAD6D3522598C7F7F4414F7BD
SHA-256:	F24E524143B8C16E7067739F60093EE238693C97C9189060E1E9307A15AB6E38
SHA-512:	2A1FA1D35EC72ED6A3879B692579F8FE9502A7C7E6DFC95B38855BFBC8B573DC213A3B14BB6A2B2A6C65B193378CC0B0F62E50CB09BFB7BD29EB97F0140A874B
Malicious:	false
Preview:	0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js .T..'4M/......*...4@...A.A..Eo......L..................7...o..a=.98I......(3.$G.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.563066535565271
Encrypted:	false
SSDEEP:	6:mYXYOFLvEWdrROk/RJbuelJ9tZ4fO441:/RrROk/X9b4fL
MD5:	E934B3D95A5AF7FBD273EAC69D5CC8D5
SHA1:	C4D6C1059CBBAC8940530783BC5EC4A9313AA6EF
SHA-256:	83294445858ED0A7D6441091BFF6D1F0E186D2C0CAC8D6AB09D2519715CE2DC8
SHA-512:	E5E48122846A948A7DD2C8CED33E36A49D5F7B4420FD8FBEDC709377E46E0E2FAAE877BE7A8CD231F4EE3CD4C890BE0570E9370770A891B43857BCA2FA409AE1
Malicious:	false
Preview:	0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ..h.'4M/......*.t.&@...A.A..Eo......~.$'..........~..rw.+[....!.)?..f.U..(=.=.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	186
Entropy (8bit):	5.599563675383486
Encrypted:	false
SSDEEP:	3:m+lhD4ll08RzYOCGLvHkWBGKuKdTSVszlkX9hyRktbpzoIN1OFPL4m1:mmDEYOFLvEWXIsotdzV1QPLr1
MD5:	837D76A6B2C47E5D213ED687F54C99DE
SHA1:	AEB3018A4405E89DF60CB4AE06D98E59E0152555
SHA-256:	818A317624567CD3DB673D9CB4FB926BD1F1CC91826F6C9160B94C1382169EA4
SHA-512:	C8AA91BE65C1B6177ADF4FD172A8683B57FAA42669B4FD41134D05B33A876C3A41D36617EE6B97C573B23F32D602B260B90B4DFBB458A54CFB0D4F7C64921130
Malicious:	false
Preview:	0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .@.'4M/......*...!@...A.A..Eo........R^..........~]...%s..<...n.f..<.....1#..U..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	207
Entropy (8bit):	5.590024115784401
Encrypted:	false
SSDEEP:	3:m+l+nq1A8RzYOCGLvHkWBGKuKjXKLNfKPWFv8CslvjO9qyRktZclM8D6EsEJeUm1:m52YOFLvEWdMAuCg9QtZc2EvsEJ41
MD5:	E303E9CCEFDE46762BA7CD49A0F09B0B
SHA1:	DEAA3D3E762844687A811F990A9C3AA7686DECC1
SHA-256:	E363BBFEC534037BB8131BC0E262141F503A1BBBC35829A7BFBBC9A76A1B6470
SHA-512:	CB4CCA7CAB44D6C9B59718C60C3A3634788765E17EA1D90A558439B0E6C8917B87FB911ED2F69A22B82710850C9A06C7325F54DE20D15C28E2E7F095EB172A6F
Malicious:	false
Preview:	0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..g.'4M/......*.H6F@...A.A..Eo........=l..........z._a...'.v.......4p3..1.']...A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.538713843032575
Encrypted:	false
SSDEEP:	3:m+lf1UldA8RzYOCGLvHkWBGKuKjXK9QXAdWKfKPWFv/eFvyRkt5bl/wFoDb7T2/1:mYilPYOFLvEWd8CAdAuWNtFlyong1
MD5:	998E0C39AC484B3B16275CCD988E983B
SHA1:	5FC2967F620810B9D3AA61454B953EC3DE9B11F7
SHA-256:	F4757A3D86C1FDEB73CA3C171B85FD6BF0B18149E449A4FB88044F7F0E4F6445
SHA-512:	8859F37D80A3974E300F1550B6EF6E71C95D9A4042C32A057D1CB2BF498B07AE2EBC150DBF03293978675A6D805A3E28E1A1535C3108BABE9409471FDF3DD0AB
Malicious:	false
Preview:	0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .Mm.'4M/......*..OF@...A.A..Eo.......;..........c}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	223
Entropy (8bit):	5.596341428282604
Encrypted:	false
SSDEEP:	3:m+l18t08RzYOCGLvHkWBGKuKjXKeRKVIJ/2oKPWFvmDO+JvUqyRktX3/lDOe28WR:mY8nYOFLvEWdrROk/IuuJvrt1N16wG1
MD5:	3A494CC902394B97AFC22146D4D64688
SHA1:	7B2EA2A121BC6114E3E519528DE5EAAAC6A1D603
SHA-256:	5CEFB2BEF2AD15B3D42447ACD8703CACE70313DDFCD06AA135074AECC26D7170
SHA-512:	E54DA1FD269158A9B64FA024A9F3E2CCC97081F503063E110B3442D697F758B8F24DC3A309F5B070D32DEB1DD36F1CA04DF48E66B2B001B286A2A82FDE4D9C27
Malicious:	false
Preview:	0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..g.'4M/......*...&@...A.A..Eo.........R..........%.k.SZ..~W.....:)'B..ad......A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.697042595761306
Encrypted:	false
SSDEEP:	3:m+lstxt08RzYOCGLvHkWBGKuKjXKX+IAuAJVKjXKLuVHSo4AyRkt8FtePmJelc0A:mLrnYOFLvEWdrIoJUQ6treJIi1
MD5:	93B17BAB278653FB6FFB8A9CE04917CF
SHA1:	39118EA6541889155091169F7E8FDD62804AEEAA
SHA-256:	D75ABD6794031B072AAA9F0CB5FA8573C6CDDC0AA5D441460E79FB201337B072
SHA-512:	2FF52D4454D775567BE6557BC342CB7A7633EDD5AF3EBAE646ADC9560EE375AF4CE91B4AE9744F59A62D4B73EF72AB81D531B7D37F2C5856CB62C945050F8C22
Malicious:	false
Preview:	0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ....'4M/......*..<'@...A.A..Eo.........&.........;"./N_.,.:C..2....9L.H...3:...A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.5744814651178425
Encrypted:	false
SSDEEP:	3:m+lQ/pqv8RzYOCGLvHkWBGKuKjXKX+IALKPWFvbR1KhyRktPtx6mgmOZLhT7Um1:mOEYOFLvEWdrIhur1Kjtnzgm2d/1
MD5:	452F7210572685E3C53DBA47C6B5AA4F
SHA1:	22223A5DC2F456E52A8D92857E3508C3A0606356
SHA-256:	B68A890C1B1BA991F8FE033BE9587BD64FE55664BB91019955B5559F89A17786
SHA-512:	4F1674F703E88D1C7569F69972EB80D18B4531D0D14A853544EA1BED329214418593B8F546D77172BCCD3A5E2C49A945CF2E1117CFBE63C17882C4B056A8C53E
Malicious:	false
Preview:	0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .OT.'4M/.......[^&@...A.A..Eo......b...........Z.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.612943331724147
Encrypted:	false
SSDEEP:	3:m+l8UElLA8RzYOCGLvHkWBGKuKPK7CvYuSM0hyRktw//GBiaQ562HvpMm1:mAElVYOFLvEW1KZhMQtwrx56uvp1
MD5:	EC7B5D3496B406BDF91C4508E8A33FBB
SHA1:	A97DC2C060D7287C8177784C11515BDF743BFA56
SHA-256:	88E11C4865A43CBE99339652A7A5ADA20E77263A72D08BDE6E14434F67B4D085
SHA-512:	4140971658F337C2778F607F9255BBFC91C7352D47B2AE6164E63D59648D320437DF39E94078E8B0CD29693492C057E507E07091C9ECEAA780C1E18F28C6D7CA
Malicious:	false
Preview:	0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..}.'4M/......*...@...A.A..Eo.................z?...SwC...^..y.....V..7R-O.....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.616953396205712
Encrypted:	false
SSDEEP:	3:m+lSy/08RzYOCGLvHkWBGKuKjXKBRSJvBCv1KPWFvek/zcG9hyRktU/dY8UDLY3T:mWYOFLvEWdBJvvugkgSt8UDLYtmOZn1
MD5:	0665ADFE9441D10FA81C1CA1B5B24419
SHA1:	238792C9C6EF6A510E92C91CAF60394DECE3E4CE
SHA-256:	ED5BC08DCCAFAB05ACBAB6D45B02D719ED8670629AF142E1BBD6D56B21EA1C6C
SHA-512:	3AB6554B077A52611A14660C01F58934012D52235C3859DCE746CAB983C6844DBC3D50E7C8394D7D8571F7F3EE7B0E3AD82C57FBDEC1D73357810BE253028EE9
Malicious:	false
Preview:	0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js .UN.'4M/......*.a2E@...A.A..Eo......\|.'.............t.q..W.EZ....1...[.zC.7mD..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.60613550093952
Encrypted:	false
SSDEEP:	3:m+lxCq//6v8RzYOCGLvHkWBGKuKCH6U4LJzWHK7WFvYXllupvUdoyRktel/FpSKH:msRPYOFLvEWIa7zp71XGpvMatM8VPu1
MD5:	A1EC951266806705258DD37B3C0A1E3B
SHA1:	22F93389680B175501E91604DE53098BFEE48FE1
SHA-256:	CF625580039BF2041A32F1C511CBE9739F92B875B1DBDB769AE8B13D517B845B
SHA-512:	3BFB65C8776EFA59D2EBFB2E2BCD59C03062DF973CB8E2C33AAA505D2431E0084CF61FCAFDFBA6B90CFC47A3428EBAC67C43990D2E15CABAF86807F10152F698
Malicious:	false
Preview:	0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ..f.'4M/......*....?...A.A..Eo....................L...Im.@.........E.nW...IP..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.61977643105882
Encrypted:	false
SSDEEP:	6:mQt6EYOFLvEWdccAHQcXx9tZ/mjBRCh/41:XRc9dnuDi/
MD5:	FAC645386FC44352D6A57130CE1E12C7
SHA1:	1C775F0A87DB0704F0BA4FB3854D6B7FFD34E601
SHA-256:	41B9E2CB3987C9A734ACF412C6B7FBAC59B64F9286942EBED0F4883A36671C8B
SHA-512:	9931BF30285B0E91C5FF0AA134AF43D12AA6E62F90370449B1A706DFE94100CF73810782B627822870A0DD136A77D1924224168217F4D7DB5CED97BC9CCFA45B
Malicious:	false
Preview:	0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ...'4M/......*.p.P@...A.A..Eo......B..L........PJm...0x.x..RD...BB!@5..<..]....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.571413489390935
Encrypted:	false
SSDEEP:	6:mqs6XYOFLvEWdFCi5mhuFl+9kat03kULlF4r1:bs6xRkiwGaa7LlF4
MD5:	4D8211291E9198AEE0C31A59BA268A32
SHA1:	E6FE6AD26F04296420ECD987EF71A3AABE28CB49
SHA-256:	DF002E4A5EC0A2829A0EF9277102917CD01C64668DFAE9534C3A5EA72F7A1176
SHA-512:	931E5979B78D5045E936DDA91C5E14A634F17DFDEB1976910B4BE2A338F54D3C847E621C4B2F667D0462809C814EF509D30E5C38026DD8B352502859402C5B24
Malicious:	false
Preview:	0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ...x'4M/......*...\?...A.A..Eo..................P...#4..l....5...5..).w.. .h.~..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\e58e492b0f04240a_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.6902961950410855
Encrypted:	false
SSDEEP:	6:maJYOFLvEWdfNBHvdQaqrdatdizPne7cV6gr1:v/RfTHlgdaHqPneYU
MD5:	312677E11B2CBDC30F4F74D8B143C3E1
SHA1:	898AFC9E056ED7BF0E8256ED50C9F9A733A75B1B
SHA-256:	E84E9F5F7AEE2D8C8719CB3930D559150465C416859D568DDAD84FBB9EB0374F
SHA-512:	6BB6A7ED7973F7B56E2CA9DDE2F5EC67561CFDC46433344F776C7E02D3A0A1B0D6FCD49DC4A439A0369B5952E07CEE326B7A66AF046273780C1FD66A672D5CA3
Malicious:	false
Preview:	0\r..m......R..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/task-handler/js/plugin.js ..Dv'4M/.........J?...A.A..Eo......I..5........E).*^.!..C......G..#.&)A..Y..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.581190702458039
Encrypted:	false
SSDEEP:	6:mkqYOFLvEWd8CAd9QaC/qt8HVuA424r1:+RQH5Hr
MD5:	17689DB208055395D56F59B39023FD12
SHA1:	4B5089057D5F82B620505ECCC3B88CEFB486F574
SHA-256:	32C4B9ED8AC5E899E33B0375B80F8CCB3B94EC3FB0B095DC3DDF17BC28D6131E
SHA-512:	05D269E56AB1101D84045B7B93E37601F5CC57C1A3301099A6F43AAD235D8840F10413EEA65C797676CBAA3E4E55812E29DD25A968CD0349B7ED56FBE56D5228
Malicious:	false
Preview:	0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .V..'4M/........(K@...A.A..Eo..................#..@..k(v.8g..5.~_....]Pj...6.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	221
Entropy (8bit):	5.570329362176149
Encrypted:	false
SSDEEP:	3:m+lFNrs8RzYOCGLvHkWBGKuKjXKeRKVIJ/2kKLuVs/89qhyRktgnsYWmYk5m1:mQZYOFLvEWdrROk/VQr/8otKsLmB41
MD5:	851A10D59BCE23A7F6CEA277A20B72E0
SHA1:	911B37A05467D63640FC98A0E0FC8EE7D01E7A9D
SHA-256:	79EC88C343CB9C3B7D0E3363A599C01882D2ABAADD1302417B5F3589CA0CACBA
SHA-512:	8AD0638C6E4C3828E808876ECA8A20627686BF128844E4FFB3844A926AC752AE590DB3A84F6C03E514EEBB3D71426170215F11985E0CB79D34E43C9D2D187F93
Malicious:	false
Preview:	0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .8..'4M/......*..+@...A.A..Eo......c.au........ ./.ev......N~..6.b.....$.j;:C...A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.587682504461872
Encrypted:	false
SSDEEP:	3:m+lUV/la8RzYOCGLvHkWBGKuKjXKjcAW6KPWFv1RvROqhyRktYxProbk9mZa6toj:mZ/lXYOFLvEWdccAWu1wSt8Ddm9741
MD5:	4064CBB4C1D6FDB6FF893D718D015EBD
SHA1:	8BF63E99B3589241CE183A41B3419789097A1778
SHA-256:	4CCEB99DB742616F0D5ADB63F685AA3AF10016A574A71EAA720433B9C2B9D485
SHA-512:	6BFA92A2813E21FC9A0A477625EDA0DE63713BB75DFE6C073452C3D91612F1DECAB496163B239F94FDC5C3B596163BE4537A4BF833E4AA7C803CE42BBCB37A6B
Malicious:	false
Preview:	0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ...'4M/.......*.D@...A.A..Eo........3l...........U...I.>P...X...x..0U.~;m.x.k.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.572027737729142
Encrypted:	false
SSDEEP:	3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFvNP1pyRktH9EB6shoq+Nem1:mMOYOFLvEWdwAPVuL1rtHWB6Jn1
MD5:	2F950D3E630848736FC605BC611EEC02
SHA1:	537B81D270FF8FC73C0C17E78009BDA15BF0D8C1
SHA-256:	A8F07AD26EF151181E02975311A0E5E81BBFD981035D42157E9F1D546EF406EC
SHA-512:	9B6DA4392AA4BD10F4137A5CB5B77154DE635E1DC00E94FF9BD6017BC19BA9BEB0C71754BAA8618CB490D2D985E3A5CBF5A9EC623664C09F9D4284B02E44B9A1
Malicious:	false
Preview:	0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ..'4M/......*...4@...A.A..Eo.......]\|..............k....F..D..O.n;[.1m.....=..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	228
Entropy (8bit):	5.595147623824006
Encrypted:	false
SSDEEP:	6:msPYOFLvEWdrROk/RJUQaCRoKBt9hzc3Me/1:3RrROk/svbKBF
MD5:	C5EAE5F0F9E9C133FE0C47DEA31119DC
SHA1:	0F5EDDC881CF5306376D13A458A163EA7716F5A6
SHA-256:	214428B113C6EDBF6C65AFDE8C40D6D031DAB0BBB986EBCE7206EB32FAB7A42B
SHA-512:	2A9BA9E45F28F0AECCAFA189BAA1E2EA613FB1A4A3C7BFA13AB7F11D8956B6F1CD816E2A9E8D18949F3A5C71B30CFA3D064C872B37AF2D493368B033C6A92A8C
Malicious:	false
Preview:	0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .2..'4M/......*..O,@...A.A..Eo......../..............9Q].8O.z....=..:.N.{....N{.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	1008
Entropy (8bit):	5.1143063474742805
Encrypted:	false
SSDEEP:	24:p5NKZOV5MOKp1A7d7slSMIb7ubl4kk9XtGEXZ:p5IC+StMItnJ
MD5:	2E0D21983E2D8B57156E049BA4BA8E63
SHA1:	B7338C44B1A7231740A263F99B826F1A9A1B7985
SHA-256:	1CB9ADC9FCF0F22D9895F0B906C6ED93BF4A887F8E31A9E6176A6EAA6EE02135
SHA-512:	5354AD4C340FC8CB73F6B9FB77B4D48EDAABB32034CE225C6B981B00E233F7C923803C7BE07348E9094B0FF58F447719A4B7DF652C2C9ADBE4793DABD6E6D8B9
Malicious:	false
Preview:	......0.oy retne....(........P.................'4M/...........;.y~A....'4M/..............oB.=.'4M/...........9.cmvd@.t'4M/............#...(....."/.............D.4.@.'4M/..........[.i..%.@.'4M/.............k7A....'4M/..........]...I.@.t'4M/.........,+..._.#...'4M/.........<...W..J.=.'4M/...........2q.......'4M/...........P....V...'4M/.........!...0.o@.'4M/............P[. q...'4M/..........~.,.4>.@.'4M/.............&..r...'4M/...........3......'4M/..........v...q.....'4M/...........a.....=.'4M/..........C..M......."/..........$..+I..@.t'4M/...................'4M/...........6<\|....=.'4M/.........F..=z;....'4M/.............o....'4M/.........Gy.'.h....'4M/.........:..N.A.....'4M/...................'4M/.........=..(Q.x...'4M/.........?..7X.L@.'4M/.........A?.2:..@.'4M/..............q.@.'4M/..........u\]..q@.'4M/..........o..k..@.'4M/...........*....@.'4M/.........^.~..z.@.'4M/..........+.{..'@.'4M/.........=....m..@.'4M/.........+.U.!..V@.'4M/.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	1008
Entropy (8bit):	5.1143063474742805
Encrypted:	false
SSDEEP:	24:p5NKZOV5MOKp1A7d7slSMIb7ubl4kk9XtGEXZ:p5IC+StMItnJ
MD5:	2E0D21983E2D8B57156E049BA4BA8E63
SHA1:	B7338C44B1A7231740A263F99B826F1A9A1B7985
SHA-256:	1CB9ADC9FCF0F22D9895F0B906C6ED93BF4A887F8E31A9E6176A6EAA6EE02135
SHA-512:	5354AD4C340FC8CB73F6B9FB77B4D48EDAABB32034CE225C6B981B00E233F7C923803C7BE07348E9094B0FF58F447719A4B7DF652C2C9ADBE4793DABD6E6D8B9
Malicious:	false
Preview:	......0.oy retne....(........P.................'4M/...........;.y~A....'4M/..............oB.=.'4M/...........9.cmvd@.t'4M/............#...(....."/.............D.4.@.'4M/..........[.i..%.@.'4M/.............k7A....'4M/..........]...I.@.t'4M/.........,+..._.#...'4M/.........<...W..J.=.'4M/...........2q.......'4M/...........P....V...'4M/.........!...0.o@.'4M/............P[. q...'4M/..........~.,.4>.@.'4M/.............&..r...'4M/...........3......'4M/..........v...q.....'4M/...........a.....=.'4M/..........C..M......."/..........$..+I..@.t'4M/...................'4M/...........6<\|....=.'4M/.........F..=z;....'4M/.............o....'4M/.........Gy.'.h....'4M/.........:..N.A.....'4M/...................'4M/.........=..(Q.x...'4M/.........?..7X.L@.'4M/.........A?.2:..@.'4M/..............q.@.'4M/..........u\]..q@.'4M/..........o..k..@.'4M/...........*....@.'4M/.........^.~..z.@.'4M/..........+.{..'@.'4M/.........=....m..@.'4M/.........+.U.!..V@.'4M/.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index~RF4da3ea.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	1008
Entropy (8bit):	5.1143063474742805
Encrypted:	false
SSDEEP:	24:p5NKZOV5MOKp1A7d7slSMIb7ubl4kk9XtGEXZ:p5IC+StMItnJ
MD5:	2E0D21983E2D8B57156E049BA4BA8E63
SHA1:	B7338C44B1A7231740A263F99B826F1A9A1B7985
SHA-256:	1CB9ADC9FCF0F22D9895F0B906C6ED93BF4A887F8E31A9E6176A6EAA6EE02135
SHA-512:	5354AD4C340FC8CB73F6B9FB77B4D48EDAABB32034CE225C6B981B00E233F7C923803C7BE07348E9094B0FF58F447719A4B7DF652C2C9ADBE4793DABD6E6D8B9
Malicious:	false
Preview:	......0.oy retne....(........P.................'4M/...........;.y~A....'4M/..............oB.=.'4M/...........9.cmvd@.t'4M/............#...(....."/.............D.4.@.'4M/..........[.i..%.@.'4M/.............k7A....'4M/..........]...I.@.t'4M/.........,+..._.#...'4M/.........<...W..J.=.'4M/...........2q.......'4M/...........P....V...'4M/.........!...0.o@.'4M/............P[. q...'4M/..........~.,.4>.@.'4M/.............&..r...'4M/...........3......'4M/..........v...q.....'4M/...........a.....=.'4M/..........C..M......."/..........$..+I..@.t'4M/...................'4M/...........6<\|....=.'4M/.........F..=z;....'4M/.............o....'4M/.........Gy.'.h....'4M/.........:..N.A.....'4M/...................'4M/.........=..(Q.x...'4M/.........?..7X.L@.'4M/.........A?.2:..@.'4M/..............q.@.'4M/..........u\]..q@.'4M/..........o..k..@.'4M/...........*....@.'4M/.........^.~..z.@.'4M/..........+.{..'@.'4M/.........=....m..@.'4M/.........+.U.!..V@.'4M/.........

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-221129154453Z-191.bmp

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.1826827611433077
Encrypted:	false
SSDEEP:	384:oxsy8rX/5KdvqxNLw3SWnSSi4+PdwuOHxnbu9DWsDOjqw46hYtx:ox41DB
MD5:	307D0A0624D28461CE957D9B4966BA8D
SHA1:	D4D4A91CC75A0F1FD045A1D63DCB4FF711ACA22B
SHA-256:	C03CEF03B1D77D01554AC89B46E70FD27C780D8C722BE57FE8E2291E0634EFC2
SHA-512:	90FB801BA346161C6DB67578F3FDFC5F19331600820F9491EC74595B7EF079E8A3EAD462906458A329F6092E7C1ADBE26878CFA3D06463FE43C2F97AD78FD051
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.1814585833525633
Encrypted:	false
SSDEEP:	48:7ME6iol3iol2ol1Nol1Aiol1RROiol1jol1Cioeol1yP2iolV3GIqkmFTIF3XmH0:7ObfMRhpz89IVXEBodRBkm
MD5:	4F0C894324FD7D9D82DB96DEFB24D8FB
SHA1:	F20FDF5606C6B0ADBB9F60796DE2018005E98B19
SHA-256:	719C0C22B21D02416AF4C6AA830FF0E95EDC4A2B78C69DC05B90F6208ACA8756
SHA-512:	58D23A0FBF18DE8114BBD410551F01AE6135E68D4D049BF194C7D6C28A231FFDF8AA7EA4CFBBB5C49BE78F4E8FC7C19E758E3E22D4239306D935FA0F93943E5A
Malicious:	false
Preview:	.... .c........7......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................h..........<.....y................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt21.lst (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	536
Entropy (8bit):	5.17576513886526
Encrypted:	false
SSDEEP:	12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
MD5:	4D5E3CD969F14362210F0473720C5528
SHA1:	AFD90E9888759B809F78E87D5550B601A288A0A3
SHA-256:	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
SHA-512:	B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.7052

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	536
Entropy (8bit):	5.17576513886526
Encrypted:	false
SSDEEP:	12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
MD5:	4D5E3CD969F14362210F0473720C5528
SHA1:	AFD90E9888759B809F78E87D5550B601A288A0A3
SHA-256:	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
SHA-512:	B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	536
Entropy (8bit):	5.17576513886526
Encrypted:	false
SSDEEP:	12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
MD5:	4D5E3CD969F14362210F0473720C5528
SHA1:	AFD90E9888759B809F78E87D5550B601A288A0A3
SHA-256:	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
SHA-512:	B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt21.lst (copy)

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	9566
Entropy (8bit):	5.223243858582587
Encrypted:	false
SSDEEP:	192:eTA2j6iU6uo76YQx6lo6Me6M46EZ6vp6qUfs6vUtRZ6ROtsu6zRtG16I6MXY5B5/:es4kuoXQ858yfs3tRZptsuktG1kMIzV
MD5:	3455517A7EA370FB26E41F9C0D1F2AEF
SHA1:	0A1DE15B520E538FE48BB82DC29CFF12D772EC51
SHA-256:	F29BE4937BB25A377D75F64271D1C3CB44992AEABC41F1D0ACAAF830E5FA40D5
SHA-512:	979D1BB3A39CB1AE51083612A37DF3D4C19B7830EB3D82FD8506B9A4B0B68009B67D68CD7785B3368934697E45573DABA1041E8BA881706CCE702ACA0ABCB6C2
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:85552.FileModTime:1619528014.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.7052

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	9566
Entropy (8bit):	5.223243858582587
Encrypted:	false
SSDEEP:	192:eTA2j6iU6uo76YQx6lo6Me6M46EZ6vp6qUfs6vUtRZ6ROtsu6zRtG16I6MXY5B5/:es4kuoXQ858yfs3tRZptsuktG1kMIzV
MD5:	3455517A7EA370FB26E41F9C0D1F2AEF
SHA1:	0A1DE15B520E538FE48BB82DC29CFF12D772EC51
SHA-256:	F29BE4937BB25A377D75F64271D1C3CB44992AEABC41F1D0ACAAF830E5FA40D5
SHA-512:	979D1BB3A39CB1AE51083612A37DF3D4C19B7830EB3D82FD8506B9A4B0B68009B67D68CD7785B3368934697E45573DABA1041E8BA881706CCE702ACA0ABCB6C2
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:85552.FileModTime:1619528014.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.338788507692105
Encrypted:	false
SSDEEP:	6:YEQXJ2HXyIIWwlqMJVyuChJ2iS5R0Y9m3ReoAvJfPmwrPeUkwRe9:YvXKX6W1KyuChExSBVGH56Ukee9
MD5:	24170E2E178CFE2687D0C22429680A90
SHA1:	129964684C6117FCC987E5646634625316F3BA67
SHA-256:	04F40BA44E4D013016249EC9985D8E82406C360B351A7B10061E5ED05A42A18D
SHA-512:	676A0B9529874F240BC7BC7A5DB091E297E6E1D3D0A576156BCB241067955869272C342E6244A054F7219BB4D7C4D583810E2EE2D0BF2909DD6E88BE30909C8C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d2314c78-4c61-4e1d-ae13-4f591f79cd74","sophiaUUID":"2CA8C5A6-154C-4669-80E9-F31A8F7EFE55"},"encodingScheme":true,"expirationDTS":1669910448958,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1393
Entropy (8bit):	5.77280317538569
Encrypted:	false
SSDEEP:	24:Yv6X6W1wVDrLgETZycPjFmaR70Oa+NCdaBcu141CjrWpHfRzVCV9FJN/KFY:YvHWsHgALwafEaB5OUupHrQ9FJR2Y
MD5:	87FB8DA8698B1F5A64424D17D5C1BACE
SHA1:	019126CDAFE21D1557B7D30783B2EAF1654ABD8F
SHA-256:	FFFFC505F8994B06A02455E87B6B19FCE9DE279F539542733CD1BCD34BFC7B3D
SHA-512:	4D5CBFD9E2595C2FC6DA24342BA2FBF63850BDBC1D4D90B9A38323E1A4A35F6F2A295FFF8411B8D2BA830B290D45410C163D4F43C32670D500AF0F6CE3D123F5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d2314c78-4c61-4e1d-ae13-4f591f79cd74","sophiaUUID":"2CA8C5A6-154C-4669-80E9-F31A8F7EFE55"},"encodingScheme":true,"expirationDTS":1669910448958,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"35216_95523ActionBlock_0","campaignId":35216,"containerId":"1","controlGroupId":"","treatmentId":"0acb9735-71e6-49b8-9dbc-deee7ad1bbc6","variationId":"95523"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS91cy9lbi9zaWduL2ZyZWUtdHJpYWwuaHRtbD90cmFja2luZ2lkPVBDMVBRTFFUJm12PWluLXByb2R1Y3QmbXYyPXJlYWRlciZ0dGlkPXJocGlwbV9zIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0bG

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.285051436784291
Encrypted:	false
SSDEEP:	6:YEQXJ2HXyIIWwlqMJVyuChJ2iS5R0Y9m3ReoAvJf21rPeUkwRe9:YvXKX6W1KyuChExSBVG+16Ukee9
MD5:	1B73F6453BA3D7D707B12BCB2DE16E45
SHA1:	FB3F2F7734C5A11D97FC30A68B1C21370E917362
SHA-256:	86130D602645670D080E3A5923174937AC6BFF5D5515782E3B9E9BCF4A9747AE
SHA-512:	7574E22BF07CD5927A9FD142A5E8BFD937B57DD1470832D00310151CC0DB5A63AE7D5081A39B7B9C9EA94AA6D0F9B9B5BBAD559C4064763B7743D1F7028429E0
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d2314c78-4c61-4e1d-ae13-4f591f79cd74","sophiaUUID":"2CA8C5A6-154C-4669-80E9-F31A8F7EFE55"},"encodingScheme":true,"expirationDTS":1669910448958,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.36967589598224
Encrypted:	false
SSDEEP:	12:YvXKX6W1KyuChExSBVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWLKi:Yv6X6W1wVa168CgEXX5kcIfANh4KFY
MD5:	13867ECE467350ECB969DEEAB9435F71
SHA1:	66A8489B349391B0E214800919ADF6C1293070F5
SHA-256:	1B3C208CD509515706830156B83EF8310AD3760ACCAB8D56E934896E92738420
SHA-512:	75A85940694C965B4E8FBE04D25A66B46714287D8840B0F370B461703289EFF9505DDE84880BA10621B53F064F8C98476EF353DCE233B081669AEBCDD2A5CCC4
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"d2314c78-4c61-4e1d-ae13-4f591f79cd74","sophiaUUID":"2CA8C5A6-154C-4669-80E9-F31A8F7EFE55"},"encodingScheme":true,"expirationDTS":1669910448958,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1669736704005}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	767
Entropy (8bit):	5.100421696400606
Encrypted:	false
SSDEEP:	12:YACrLQH8ot2K6J3qruqAk3Q2Kqq2soF2KL5/fG7cdB4Wi2KPqxBoU2VdZnONs:YACrLQci2K03qycg2KqqNa2KL53Go9ij
MD5:	862CA30A296A8C6C2EEE351DD683E5ED
SHA1:	0CBE828C6E1AAC5129B19CF543F7DB60B437CAEC
SHA-256:	E06812187855752DD6ED66A60B8EAEB9EB70E2F4A0C4B28F466048D92E61390F
SHA-512:	5248172A91B949DEB44595F3A4450A58F5998AF4A960D660BE85AE6992761E6348C55833BFC4172AB3ED359BC2CB63BC3C3F5ABAC9DFDD4539F1127E3C05AD1A
Malicious:	false
Preview:	{"all":[{"id":"Edit_InApp_Aug2020","info":{"dg":"6d7ddc25e904c1c980ccb2293a69a255","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1669736703000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"ba9461c6a77ec143179e2a09fc4a9258","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1393,"ts":1669736703000},{"id":"DC_Reader_RHP_Retention","info":{"dg":"203f675ef7c938ec454d84bddfa0a2a2","sid":"DC_Reader_RHP_Retention"},"mimeType":"file","size":287,"ts":1669736703000},{"id":"DC_READER_LAUNCH_CARD","info":{"dg":"21d58ced2b116afa205bb45ca79b878a","sid":"DC_READER_LAUNCH_CARD"},"mimeType":"file","size":285,"ts":1669736703000},{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1669736691000}],"g_info":{"Version":"0.0.0.1"}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	40393
Entropy (8bit):	5.5182337348115755
Encrypted:	false
SSDEEP:	384:K7X4uyVFu3HBp36nULdZB11/uOdYA0UZYNg7y:KT4uyVFuXBJCIdn11/ucrYyu
MD5:	7713B84E9FECEAC145461DD08F5BEB5A
SHA1:	3408398F08F740D4B4E1D850202F757C6F369EB1
SHA-256:	0DA38ED808D54FE17BDEC0A143EE42409D9A7B7130F1878FF73C820DE0B8652E
SHA-512:	B462060A746346641F2067ABF6B62D7FAB28D2C5F67DDD011829A27A4DB27D198C94082BDD0AEE2C55502F909A2E8D1D12A4219B33D1837B4D07197F277970B0
Malicious:	false
Preview:	4.241.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-BoldItalicMT.P:Arial Bold Italic.L:$.........................."F:Arial.#.91.FID.2:o:........:F:Arial-Black.P:Arial Black.L:-.........................."F:Arial Black.#.103.FID.2:o:........:F:Bahnschrift.P:Bahnschrift Light.L:&...............,.........."F:Bahnschrift Light.#.

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20221129T1644340163-6624.etl

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	3.684725537417778
Encrypted:	false
SSDEEP:	192:hDgPJvFxzLHD1L4LIpQPwN5Lx/JIO2aUljtvLJ3Q:heXHBlC4bV7+pd3Q
MD5:	9A481E460AC947D72EEF4FD1CB57383F
SHA1:	7AEA79EB876414700069F4A7D015DE902299D1DB
SHA-256:	6AF63254C2CDDCC05C70DC0067E64DCFE19A61E4AD1DB0C87C10D7D36A08546C
SHA-512:	0BE66D490EE224DF8040E2CD1AE518C349171D368E919F6640C04DCE43A7CF19C8A6E6DAF3D3D39BB89B1C851FFF3886733CB6463CB93B22A0C5320BE36262AE
Malicious:	false
Preview:	............................................................................n...h........P.z.....................G.......3.z....Zb..2...............................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1..............................................................6k............P.z............v.2._.O.U.T.L.O.O.K.:.1.9.e.0.:.7.6.4.f.7.2.2.0.f.0.c.a.4.9.3.9.b.2.c.5.8.6.d.4.1.e.b.0.c.c.f.c...C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.o.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.3.9.2.9._.2.0.3.8.6.-.2.0.2.2.1.1.2.9.T.1.6.4.4.3.4.0.1.6.3.-.6.6.2.4...e.t.l.........P.P.h.........z............................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	CDFV2 Microsoft Outlook Message
Entropy (8bit):	5.592779154958618
TrID:	Outlook Message (71009/1) 58.92% Outlook Form Template (41509/1) 34.44% Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:	Send for Peter Bayliss.msg
File size:	141824
MD5:	7aee648f7e5934f4fd9738292ce01721
SHA1:	b0da84770c7cf47d5f6d09fbecf6e0ba7f11f314
SHA256:	a1e682ff53fb34ac511a618c6add7c26c6000f86a7e31c129e4772179310295e
SHA512:	40444e91acfd2273ac85dacb447e31db07e26d5cfdc8138e23d4944eab89c13536070018f44e35c8c08e19d70857271df3716eed238b8f9f5a3b7d7aa1d5ecf6
SSDEEP:	3072:gUflMpI9ijSjWWppzbYD2vvT0pQtIkarXlNFCyJ/mkcDP:rflMpVjSjRpzbYDOvOQyka5qyNf8P
TLSH:	A2D3B51176FA0115F2B7AF714AF290838977BC92ED31D58E22A5334E0572981ED72F2B
File Content Preview:	........................>.......................................................d..............................................................................................................................................................................

File Icon


Icon Hash:	00ecb28ec8d28200

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: OUTLOOK.EXEPID: 6624, Parent PID: 3800

General

Target ID:	0
Start time:	16:44:33
Start date:	29/11/2022
Path:	C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Send for Peter Bayliss.msg
Imagebase:	0x7ff7ccde0000
File size:	41778000 bytes
MD5 hash:	CA3FDE8329DE07C95897DB0D828545CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: AcroRd32.exePID: 6900, Parent PID: 6476

General

Target ID:	3
Start time:	16:44:46
Start date:	29/11/2022
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\R172JYD4\Peter Bayliss 273238652.pdf
Imagebase:	0x3d0000
File size:	3141816 bytes
MD5 hash:	0EAC436587F5A1BEF8AEB2E2381D2405
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: RdrCEF.exePID: 6440, Parent PID: 6900

General

Target ID:	10
Start time:	16:44:51
Start date:	29/11/2022
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Imagebase:	0xb70000
File size:	7227576 bytes
MD5 hash:	4AC861CBCAFA331A72C04BF35AE792E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Send for Peter Bayliss.msg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\64766d63a539c3ca_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\e58e492b0f04240a_0

Windows Analysis Report
Send for Peter Bayliss.msg