Windows Analysis Report https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf

Overview

General Information

Sample URL: https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf
Analysis ID: 504914

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)
Sigma detected: Windows PowerShell Web Request

Process Tree

  • System is w10x64
  • cmd.exe (PID: 7124 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 7136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 2244 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • AcroRd32.exe (PID: 6088 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\download\Turn_Quality_Data_into_Quality_Insights.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • AcroRd32.exe (PID: 6328 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\download\Turn_Quality_Data_into_Quality_Insights.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • RdrCEF.exe (PID: 2932 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 1140 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7113903648470606022 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7113903648470606022 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 5444 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=6337020669972044748 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 4700 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=212230683563953520 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=212230683563953520 --renderer-client-id=4 --mojo-platform-channel-handle=1812 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6384 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13105103323955636011 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13105103323955636011 --renderer-client-id=5 --mojo-platform-channel-handle=1960 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6184 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17520325351492498782 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17520325351492498782 --renderer-client-id=6 --mojo-platform-channel-handle=1608 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

There are no malicious signatures.

System Summary:

Sigma detected: Windows PowerShell Web Request
Source: Process started
Author: James Pemberton / @4A616D6573
Data:
  Command: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf'
  CommandLine: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf'
  CommandLine|base64offset|contains:
  Image: C:\Windows\SysWOW64\wget.exe
  NewProcessName: C:\Windows\SysWOW64\wget.exe
  OriginalFileName: C:\Windows\SysWOW64\wget.exe
  ParentCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf' > cmdline.out 2>&1
  ParentImage: C:\Windows\SysWOW64\cmd.exe
  ParentProcessId: 7124
  ProcessCommandLine: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf'
  ProcessId: 2244

Jbx Signature Overview

There are no malicious signatures.

Source: unknown HTTPS traffic detected: 52.222.158.31:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: attachment.benchmarkemail.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: global traffic HTTP traffic detected:
    GET /c903556/Turn_Quality_Data_into_Quality_Insights.pdf HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
    Accept: */*
    Accept-Encoding: identity
    Host: attachment.benchmarkemail.com
    Connection: Keep-Alive
Source: wget.exe, 00000002.00000002.292547638.0000000002B18000.00000004.00000001.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000002.00000002.292547638.0000000002B18000.00000004.00000001.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wget.exe, 00000002.00000002.292547638.0000000002B18000.00000004.00000001.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl_h
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr String found in binary or memory: https://apnews.com/article/a8f6180617375f4a85025293859e4b36)
Source: wget.exe, wget.exe, 00000002.00000002.292487619.0000000000CC8000.00000004.00000020.sdmp String found in binary or memory: https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_In
Source: wget.exe, 00000002.00000002.292396330.0000000000A90000.00000004.00000040.sdmp, cmdline.out.0.dr String found in binary or memory: https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf
Source: wget.exe, 00000002.00000002.292402036.0000000000A95000.00000004.00000040.sdmp String found in binary or memory: https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdfl
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr String found in binary or memory: https://blog.workday.com/en-us/2020/financial-services-why-is-data-stuck-in-the-dark-ages.html)
Source: wget.exe, 00000002.00000003.291343469.0000000002B58000.00000004.00000001.sdmp, Turn_Quality_Data_into_Quality_Insights.pdf.2.dr String found in binary or memory: https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=website&event
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr String found in binary or memory: https://markets.businessinsider.com/news/stocks/mortgage-delinquencies-spike-year-high-coronavirus-p
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr String found in binary or memory: https://www.bdo.com/insights/industries/insurance/financial-impacts-of-covid-19-on-health-insurers)
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr String found in binary or memory: https://www.bloomberg.com/news/articles/2020-10-05/americans-are-driving-less-than-before-pandemic-a
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr String found in binary or memory: https://www.iii.org/insuranceindustryblog/triple-is-chief-actuary-insurers-are-navigating-covid-19s-
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr String found in binary or memory: https://www.inc.com/jeff-barrett/misusing-data-could-be-costing-your-business-heres-how.html)
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1i35cgj_1hgfesn_4vs.tmp
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr Initial sample: https://apnews.com/article/a8f6180617375f4a85025293859e4b36
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr Initial sample: https://www.bdo.com/insights/industries/insurance/financial-impacts-of-covid-19-on-health-insurers
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr Initial sample: https://blog.workday.com/en-us/2020/financial-services-why-is-data-stuck-in-the-dark-ages.html
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr Initial sample: https://www.bloomberg.com/news/articles/2020-10-05/americans-are-driving-less-than-before-pandemic-and-it-s-permanent
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr Initial sample: https://www.inc.com/jeff-barrett/misusing-data-could-be-costing-your-business-heres-how.html
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr Initial sample: https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=website&eventid=2941084&sessionid=1&key=0E3D97959142352BA4AE00CC060B05BD&regTag=&V2=false&sourcepage=register
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr Initial sample: https://event.on24.com/eventregistration/eventlobbyservlet?target=reg20.jsp&partnerref=website&eventid=2941084&sessionid=1&key=0e3d97959142352ba4ae00cc060b05bd&regtag=&v2=false&sourcepage=register
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr Initial sample: https://www.iii.org/insuranceindustryblog/triple-is-chief-actuary-insurers-are-navigating-covid-19s-economic-fallout/
Source: Turn_Quality_Data_into_Quality_Insights.pdf.2.dr Initial sample: https://markets.businessinsider.com/news/stocks/mortgage-delinquencies-spike-year-high-coronavirus-pandemic-housing-fha-payments-2020-8-1029509846
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine Classification label: clean1.win@19/54@1/2
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf' > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf'
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\download\Turn_Quality_Data_into_Quality_Insights.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\download\Turn_Quality_Data_into_Quality_Insights.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7113903648470606022 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7113903648470606022 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=6337020669972044748 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=212230683563953520 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=212230683563953520 --renderer-client-id=4 --mojo-platform-channel-handle=1812 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13105103323955636011 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13105103323955636011 --renderer-client-id=5 --mojo-platform-channel-handle=1960 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17520325351492498782 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17520325351492498782 --renderer-client-id=6 --mojo-platform-channel-handle=1608 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File read: C:\Program Files (x86)\desktop.ini
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7136:120:WilError_01
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe File opened: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\crash_reporter.cfg
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CD14EF push ebx; iretd 2_2_00CD1502
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CD78A0 push edx; iretd 2_2_00CD7DE2
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CD77B9 push esi; iretd 2_2_00CD77BA
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CD0C56 push ebx; iretd 2_2_00CD14EE
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CD1504 push ebx; iretd 2_2_00CD1506
Source: C:\Windows\SysWOW64\wget.exe Code function: 2_2_00CD7A30 push edx; iretd 2_2_00CD7DE2
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: wget.exe Binary or memory string: Hyper-V RAW
Source: wget.exe, 00000002.00000002.292487619.0000000000CC8000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Spearphishing Link (1) | Windows Management Instrumentation | Path Interception | Process Injection (1) | Masquerading (1) | OS Credential Dumping | Security Software Discovery (1) | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection (1) | LSASS Memory | File and Directory Discovery (1) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol (2) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information (1) | Security Account Manager | System Information Discovery (12) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol (3) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | Remote System Discovery (1) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer (1) | SIM Card Swap | | Carrier Billing Fraud

Behavior Graph

[Behavior graph (ID: 504914, start date: 18/10/2021, architecture: WINDOWS, score: 1). AcroRd32.exe started RdrCEF.exe and a second AcroRd32.exe; RdrCEF.exe started further RdrCEF.exe processes and contacted 192.168.2.1. cmd.exe started wget.exe and conhost.exe; wget.exe contacted dqkjwx3xr6pzf.cloudfront.net (52.222.158.31, port 443, AMAZON-02US, United States) and attachment.benchmarkemail.com.]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
dqkjwx3xr6pzf.cloudfront.net | 52.222.158.31 | true | false | | high
attachment.benchmarkemail.com | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf | false | | high

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://blog.workday.com/en-us/2020/financial-services-why-is-data-stuck-in-the-dark-ages.html) | Turn_Quality_Data_into_Quality_Insights.pdf.2.dr | false | | high
https://www.inc.com/jeff-barrett/misusing-data-could-be-costing-your-business-heres-how.html) | Turn_Quality_Data_into_Quality_Insights.pdf.2.dr | false | | high
https://apnews.com/article/a8f6180617375f4a85025293859e4b36) | Turn_Quality_Data_into_Quality_Insights.pdf.2.dr | false | | high
https://www.bdo.com/insights/industries/insurance/financial-impacts-of-covid-19-on-health-insurers) | Turn_Quality_Data_into_Quality_Insights.pdf.2.dr | false | | high
https://markets.businessinsider.com/news/stocks/mortgage-delinquencies-spike-year-high-coronavirus-p | Turn_Quality_Data_into_Quality_Insights.pdf.2.dr | false | | high
https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdfl | wget.exe, 00000002.00000002.292402036.0000000000A95000.00000004.00000040.sdmp | false | | high
https://www.bloomberg.com/news/articles/2020-10-05/americans-are-driving-less-than-before-pandemic-a | Turn_Quality_Data_into_Quality_Insights.pdf.2.dr | false | | high
https://www.iii.org/insuranceindustryblog/triple-is-chief-actuary-insurers-are-navigating-covid-19s- | Turn_Quality_Data_into_Quality_Insights.pdf.2.dr | false | | high
https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=website&event | wget.exe, 00000002.00000003.291343469.0000000002B58000.00000004.00000001.sdmp, Turn_Quality_Data_into_Quality_Insights.pdf.2.dr | false | | high
https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_In | wget.exe, wget.exe, 00000002.00000002.292487619.0000000000CC8000.00000004.00000020.sdmp | false | | high

Contacted IPs

Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
52.222.158.31 | dqkjwx3xr6pzf.cloudfront.net | United States | | 16509 | AMAZON-02US | false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 504914
Start date: 18.10.2021
Start time: 19:18:34
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 28s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: urldownload.jbs
Sample URL: https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@19/54@1/2
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
Warnings:
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                            • Excluded IPs from analysis (whitelisted): 2.20.178.57, 2.20.178.43, 95.100.216.223, 20.82.210.154, 2.20.178.10, 2.20.178.56, 20.199.120.85, 20.199.120.182, 2.20.178.24, 2.20.178.33, 20.54.110.249, 40.112.88.60, 52.251.79.25
                            • Excluded domains from analysis (whitelisted): e4578.dscb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-useast.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, acroipm2.adobe.com, arc.msn.com, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, a122.dscd.akamai.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, client.wns.windows.com, acroipm2.adobe.com.edgesuite.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, eus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, displaycatalog-rp-useast.md.mp.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                            • Execution Graph export aborted for target wget.exe, PID 2244 because there are no executed function
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtSetInformationFile calls found.
                            • VT rate limit hit for: https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf

Simulations

Behavior and APIs

Time | Type | Description
19:19:41 | API Interceptor | 16x Sleep call for process: RdrCEF.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):205
                            Entropy (8bit):5.603774817813102
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):5.5433695631634405
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):246
                            Entropy (8bit):5.5180465316682605
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):232
                            Entropy (8bit):5.618901728202868
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):210
                            Entropy (8bit):5.5283922192276265
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):216
                            Entropy (8bit):5.57884645793352
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):209
                            Entropy (8bit):5.517812842454537
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):5.556495901655596
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\39c14c1f4b086971_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):212
                            Entropy (8bit):5.5872647277797745
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):214
                            Entropy (8bit):5.489826957604824
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):177
                            Entropy (8bit):5.486513173534792
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):187
                            Entropy (8bit):5.541251736357046
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):244
                            Entropy (8bit):5.581123571154608
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6267ed4d4a13f54b_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):210
                            Entropy (8bit):5.529922615604435
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):211
                            Entropy (8bit):5.48826005059253
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):202
                            Entropy (8bit):5.560190405106122
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):211
                            Entropy (8bit):5.556228962394882
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):206
                            Entropy (8bit):5.540947244689822
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .....A-/....."#.D....[.A.A..Eo........N..........t\a......x5.'OuE.C..@......x..A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):218
                            Entropy (8bit):5.5294274334880065
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js .:...A-/....."#.D.v..[.A.A..Eo......~..a...............7...o..a=.98I......(3.$G.A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):230
                            Entropy (8bit):5.541676602788992
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .D~..A-/....."#.D....[.A.A..Eo........."..........~..rw.+[....!.)?..f.U..(=.=.A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):186
                            Entropy (8bit):5.556552922695313
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..=..A-/....."#.DZ...[.A.A..Eo.........g..........~]...%s..<...n.f..<.....1#..U..A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):207
                            Entropy (8bit):5.5876558790903275
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ....A-/....."#.D.|..[.A.A..Eo........7"..........z._a...'.v.......4p3..1.']...A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):210
                            Entropy (8bit):5.544511422109495
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ....A-/....."#.D`...[.A.A..Eo.......Z.d........c}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):223
                            Entropy (8bit):5.543716596473144
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js .{p..A-/....."#.D....[.A.A..Eo........Jm..........%.k.SZ..~W.....:)'B..ad......A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):213
                            Entropy (8bit):5.631314896230789
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .....A-/....."#.D]2..[.A.A..Eo........{4.........;"./N_.,.:C..2....9L.H...3:...A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):208
                            Entropy (8bit):5.511484335080534
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .?o..A-/....."#.D.{..[.A.A..Eo......v..)........Z.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):188
                            Entropy (8bit):5.518606430162924
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ....A-/....."#.D....[.A.A..Eo........).........z?...SwC...^..y.....V..7R-O.....A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:modified
                            Size (bytes):214
                            Entropy (8bit):5.594159748735725
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js .....A-/....."#.D$^..[.A.A..Eo......n3.~............t.q..W.EZ....1...[.zC.7mD..A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):211
                            Entropy (8bit):5.5715007873706135
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js .....A-/....."#.D...[.A.A..Eo.....................L...Im.@.........E.nW...IP..A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):208
                            Entropy (8bit):5.554345467239414
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ..U..A-/....."#.DF...[.A.A..Eo......29VJ...........M....m+lS..e.....<7.U.P8*.0K.A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):208
                            Entropy (8bit):5.559727272425777
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js .j...A-/....."#.DC=..[.A.A..Eo.........|........PJm...0x.x..RD...BB!@5..<..]....A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):231
                            Entropy (8bit):5.6006554266297375
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js .6...A-/....."#.D....[.A.A..Eo.......2Kz.........P...#4..l....5...5..).w.. .h.~..A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):215
                            Entropy (8bit):5.5100729470258045
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js .....A-/....."#.D.|..[.A.A..Eo.....................a.f.m.i.o.p..3U5.....^...I.A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):208
                            Entropy (8bit):5.495714881226324
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js ..^..A-/....."#.D.T..[.A.A..Eo........I..........y.$..$.v5j...T...z.]..._S....A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):208
                            Entropy (8bit):5.5848199692953635
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ..J..A-/....."#.D.K..[.A.A..Eo......=.9=........#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):210
                            Entropy (8bit):5.532714984530008
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js .....A-/....."#.D.R..[.A.A..Eo......W.........8.../...;.\\o....1..........+..A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):221
                            Entropy (8bit):5.570781242131397
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .....A-/....."#.D.G..[.A.A..Eo......r .......... ./.ev......N~..6.b.....$.j;:C...A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):210
                            Entropy (8bit):5.565040183022998
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js .....A-/....."#.D....[.A.A..Eo.........|...........U...I.>P...X...x..0U.~;m.x.k.A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):204
                            Entropy (8bit):5.50340028674875
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ..m..A-/....."#.D%...[.A.A..Eo......cL#..............k....F..D..O.n;[.1m.....=..A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):212
                            Entropy (8bit):5.603877706460007
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js .<`..A-/....."#.D....[.A.A..Eo.......\x............k..`..N3.... ..d..$[.....{.A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):228
                            Entropy (8bit):5.582341989883023
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .....A-/....."#.DI...[.A.A..Eo.........W.............9Q].8O.z....=..:.N.{....N{.A..Eo..................
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):1080
                            Entropy (8bit):5.120177675331681
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):1080
                            Entropy (8bit):5.120177675331681
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):292
                            Entropy (8bit):5.24371018264072
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 2021/10/18-19:19:47.074 123c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2021/10/18-19:19:47.075 123c Recovering log #3.2021/10/18-19:19:47.076 123c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):292
                            Entropy (8bit):5.24371018264072
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: 2021/10/18-19:19:47.074 123c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2021/10/18-19:19:47.075 123c Recovering log #3.2021/10/18-19:19:47.076 123c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):131072
                            Entropy (8bit):0.010978819626460943
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-211019035527Z-187.bmp
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                            File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32
                            Category:dropped
                            Size (bytes):71190
                            Entropy (8bit):1.6547574809332541
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3024000
                            Category:modified
                            Size (bytes):61440
                            Entropy (8bit):3.564525460282701
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):8720
                            Entropy (8bit):3.285319100958575
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6328
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                            File Type:PostScript document text
                            Category:dropped
                            Size (bytes):157443
                            Entropy (8bit):5.172039478677
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: %!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Marlett.FamilyName:Marlett.StyleName:Regular.MenuName:Marlett.StyleBits:0.WeightClass:500.WidthClass:5.AngleClass:0.FullName:Marlett.WritingScript:Roman.WinName:Marlett.FileLength:27724.NameArray:0,Win,1,Marlett.NameArray:0,Mac,4,Marlett.NameArray:0,Win,1,Marlett.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:ArialMT.FamilyName:Arial.StyleName:Regular.MenuName:Arial.StyleBits:0.WeightClass:400.WidthClass:5.AngleClass:0.FullName:Arial.WritingScript:Roman.WinName:Arial.FileLength:1036584.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial.NameArray:0,Win,1,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-BoldMT.FamilyName:Arial.StyleName:Bold.MenuName:Arial.StyleBits:2.WeightClass:700.WidthClass:5.AngleClass:0.FullName:Arial Bold.WritingScript:Roman.WinName:Arial Bold.FileLength:980756.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial Bold.NameAr
                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst (copy)
                            Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                            File Type:PostScript document text
                            Category:dropped
                            Size (bytes):157443
                            Entropy (8bit):5.172039478677
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: %!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Marlett.FamilyName:Marlett.StyleName:Regular.MenuName:Marlett.StyleBits:0.WeightClass:500.WidthClass:5.AngleClass:0.FullName:Marlett.WritingScript:Roman.WinName:Marlett.FileLength:27724.NameArray:0,Win,1,Marlett.NameArray:0,Mac,4,Marlett.NameArray:0,Win,1,Marlett.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:ArialMT.FamilyName:Arial.StyleName:Regular.MenuName:Arial.StyleBits:0.WeightClass:400.WidthClass:5.AngleClass:0.FullName:Arial.WritingScript:Roman.WinName:Arial.FileLength:1036584.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial.NameArray:0,Win,1,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-BoldMT.FamilyName:Arial.StyleName:Bold.MenuName:Arial.StyleBits:2.WeightClass:700.WidthClass:5.AngleClass:0.FullName:Arial Bold.WritingScript:Roman.WinName:Arial Bold.FileLength:980756.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial Bold.NameAr
                            C:\Users\user\Desktop\cmdline.out
                            Process:C:\Windows\SysWOW64\cmd.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:modified
                            Size (bytes):831
                            Entropy (8bit):5.116727214118634
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: --2021-10-18 19:19:31-- https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf..Resolving attachment.benchmarkemail.com (attachment.benchmarkemail.com)... 52.222.158.31, 52.222.158.25, 52.222.158.93, .....Connecting to attachment.benchmarkemail.com (attachment.benchmarkemail.com)|52.222.158.31|:443... connected...HTTP request sent, awaiting response... 200 OK..Length: 77056 (75K) [application/octet-stream]..Saving to: 'C:/Users/user/Desktop/download/Turn_Quality_Data_into_Quality_Insights.pdf'.... 0K .......... .......... .......... .......... .......... 66% 249K 0s.. 50K .......... .......... ..... 100% 294K=0.3s....2021-10-18 19:19:33 (262 KB/s) - 'C:/Users/user/Desktop/download/Turn_Quality_Data_into_Quality_Insights.pdf' saved [77056/77056]....
                            C:\Users\user\Desktop\download\Turn_Quality_Data_into_Quality_Insights.pdf
                            Process:C:\Windows\SysWOW64\wget.exe
                            File Type:PDF document, version 1.7
                            Category:dropped
                            Size (bytes):77056
                            Entropy (8bit):7.176307653157899
                            Encrypted:false
                            Malicious:false
                            Reputation:low
                            Preview: %PDF-1.7.%......31 0 obj.<</Linearized 1/L 77056/O 33/E 44973/N 3/T 76321/H [ 1236 323]>>.endobj. .xref..31 47..0000000016 00000 n..0000001559 00000 n..0000001686 00000 n..0000002913 00000 n..0000002980 00000 n..0000003117 00000 n..0000003254 00000 n..0000003388 00000 n..0000003525 00000 n..0000003659 00000 n..0000003796 00000 n..0000003933 00000 n..0000004508 00000 n..0000005066 00000 n..0000005662 00000 n..0000005697 00000 n..0000006238 00000 n..0000006351 00000 n..0000006906 00000 n..0000007386 00000 n..0000008648 00000 n..0000009074 00000 n..0000009434 00000 n..0000009872 00000 n..0000010966 00000 n..0000012061 00000 n..0000013192 00000 n..0000014373 00000 n..0000015332 00000 n..0000016452 00000 n..0000017302 00000 n..0000019950 00000 n..0000022408 00000 n..0000026683 00000 n..0000030672 00000 n..0000030992 00000 n..0000031277 00000 n..0000040969 00000 n..0000041006 00000 n..0000043858 00000 n..0000044049 00000 n..0000044153 00000 n..0000044344 00000 n..0000044506

                            Static File Info

                            No static file info

                            Network Behavior

                            Network Port Distribution

                            TCP Packets


                            UDP Packets

                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Oct 18, 2021 19:19:31.907795906 CEST | 57875 | 53 | 192.168.2.3 | 8.8.8.8
                            Oct 18, 2021 19:19:31.931272030 CEST | 53 | 57875 | 8.8.8.8 | 192.168.2.3

                            DNS Queries

                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                            Oct 18, 2021 19:19:31.907795906 CEST | 192.168.2.3 | 8.8.8.8 | 0x6e1e | Standard query (0) | attachment.benchmarkemail.com | A (IP address) | IN (0x0001)

                            DNS Answers

                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                            Oct 18, 2021 19:19:31.931272030 CEST | 8.8.8.8 | 192.168.2.3 | 0x6e1e | No error (0) | attachment.benchmarkemail.com | dqkjwx3xr6pzf.cloudfront.net | | CNAME (Canonical name) | IN (0x0001)
                            Oct 18, 2021 19:19:31.931272030 CEST | 8.8.8.8 | 192.168.2.3 | 0x6e1e | No error (0) | dqkjwx3xr6pzf.cloudfront.net | | 52.222.158.31 | A (IP address) | IN (0x0001)
                            Oct 18, 2021 19:19:31.931272030 CEST | 8.8.8.8 | 192.168.2.3 | 0x6e1e | No error (0) | dqkjwx3xr6pzf.cloudfront.net | | 52.222.158.25 | A (IP address) | IN (0x0001)
                            Oct 18, 2021 19:19:31.931272030 CEST | 8.8.8.8 | 192.168.2.3 | 0x6e1e | No error (0) | dqkjwx3xr6pzf.cloudfront.net | | 52.222.158.93 | A (IP address) | IN (0x0001)
                            Oct 18, 2021 19:19:31.931272030 CEST | 8.8.8.8 | 192.168.2.3 | 0x6e1e | No error (0) | dqkjwx3xr6pzf.cloudfront.net | | 52.222.158.45 | A (IP address) | IN (0x0001)

                            HTTP Request Dependency Graph

                            • attachment.benchmarkemail.com

                            HTTPS Proxied Packets

                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            0 | 192.168.2.3 | 49740 | 52.222.158.31 | 443 | C:\Windows\SysWOW64\wget.exe
                            Timestamp | kBytes transferred | Direction | Data
                            2021-10-18 17:19:32 UTC | 0 | OUT | GET /c903556/Turn_Quality_Data_into_Quality_Insights.pdf HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
                            Accept: */*
                            Accept-Encoding: identity
                            Host: attachment.benchmarkemail.com
                            Connection: Keep-Alive
                            2021-10-18 17:19:32 UTC | 0 | IN | HTTP/1.1 200 OK
                            Content-Type: application/octet-stream
                            Content-Length: 77056
                            Connection: close
                            Date: Mon, 18 Oct 2021 17:19:33 GMT
                            Last-Modified: Thu, 05 Aug 2021 11:40:48 GMT
                            ETag: "6ed184b11dba529b45906056501f2ef5"
                            Content-Disposition: attachment;filename=Turn_Quality_Data_into_Quality_Insights.pdf
                            x-amz-meta-title: Turn_Quality_Data_into_Quality_Insights.pdf
                            Accept-Ranges: bytes
                            Server: AmazonS3
                            X-Cache: Miss from cloudfront
                            Via: 1.1 a1e152cd91a0e624aecabbad581ffcb3.cloudfront.net (CloudFront)
                            X-Amz-Cf-Pop: CDG52-P2
                            X-Amz-Cf-Id: 1zw3WhC96wu0b9c8BR9trSD2Eh-jvUisWaZwn-rLh0XPOnW-mwifVQ==


                            Code Manipulations

                            Statistics

                            CPU Usage

                            Memory Usage

                            High Level Behavior Distribution

                            Behavior

                            System Behavior

                            General

                            Start time:19:19:30
                            Start date:18/10/2021
                            Path:C:\Windows\SysWOW64\cmd.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf' > cmdline.out 2>&1
                            Imagebase:0xd80000
                            File size:232960 bytes
                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low

                            General

                            Start time:19:19:30
                            Start date:18/10/2021
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff7f20f0000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low

                            General

                            Start time:19:19:31
                            Start date:18/10/2021
                            Path:C:\Windows\SysWOW64\wget.exe
                            Wow64 process (32bit):true
                            Commandline:wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://attachment.benchmarkemail.com/c903556/Turn_Quality_Data_into_Quality_Insights.pdf'
                            Imagebase:0x400000
                            File size:3895184 bytes
                            MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low

                            General

                            Start time:19:19:35
                            Start date:18/10/2021
                            Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\download\Turn_Quality_Data_into_Quality_Insights.pdf'
                            Imagebase:0xee0000
                            File size:2571312 bytes
                            MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low

                            General

                            Start time:19:19:35
                            Start date:18/10/2021
                            Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\download\Turn_Quality_Data_into_Quality_Insights.pdf'
                            Imagebase:0xee0000
                            File size:2571312 bytes
                            MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low

                            General

                            Start time:19:19:40
                            Start date:18/10/2021
                            Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
                            Imagebase:0x1060000
                            File size:9475120 bytes
                            MD5 hash:9AEBA3BACD721484391D15478A4080C7
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low

                            General

                            Start time:19:19:42
                            Start date:18/10/2021
                            Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7113903648470606022 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7113903648470606022 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
                            Imagebase:0x1060000
                            File size:9475120 bytes
                            MD5 hash:9AEBA3BACD721484391D15478A4080C7
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low

                            General

                            Start time:19:19:42
                            Start date:18/10/2021
                            Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=6337020669972044748 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
                            Imagebase:0x1060000
                            File size:9475120 bytes
                            MD5 hash:9AEBA3BACD721484391D15478A4080C7
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low

                            General

                            Start time:19:19:42
                            Start date:18/10/2021
                            Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=212230683563953520 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=212230683563953520 --renderer-client-id=4 --mojo-platform-channel-handle=1812 --allow-no-sandbox-job /prefetch:1
                            Imagebase:0x1060000
                            File size:9475120 bytes
                            MD5 hash:9AEBA3BACD721484391D15478A4080C7
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low

                            General

                            Start time:19:19:44
                            Start date:18/10/2021
                            Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13105103323955636011 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13105103323955636011 --renderer-client-id=5 --mojo-platform-channel-handle=1960 --allow-no-sandbox-job /prefetch:1
                            Imagebase:0x1060000
                            File size:9475120 bytes
                            MD5 hash:9AEBA3BACD721484391D15478A4080C7
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low

                            General

                            Start time:19:20:30
                            Start date:18/10/2021
                            Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1712,13234142609379368603,13386336602470821584,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=17520325351492498782 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17520325351492498782 --renderer-client-id=6 --mojo-platform-channel-handle=1608 --allow-no-sandbox-job /prefetch:1
                            Imagebase:0x1060000
                            File size:9475120 bytes
                            MD5 hash:9AEBA3BACD721484391D15478A4080C7
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low

                            Disassembly

                            Code Analysis
