Windows Analysis Report
aaa.pdf

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R4yci4y_w256ul_do.tmp

Source: classification engine

Classification label: clean0.winPDF@13/57@0/1

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\aaa.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\aaa.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=16994096637893958157 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1013380377822533116 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1013380377822533116 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6535563391496955322 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6535563391496955322 --renderer-client-id=4 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15898316639092127087 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15898316639092127087 --renderer-client-id=5 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\aaa.pdf	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=16994096637893958157 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1013380377822533116 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1013380377822533116 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6535563391496955322 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6535563391496955322 --renderer-client-id=4 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15898316639092127087 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15898316639092127087 --renderer-client-id=5 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Source: aaa.pdf

Joe Sandbox Cloud Basic: Detection: clean Score: 2

Perma Link

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: aaa.pdf	Initial sample: PDF keyword /JS count = 0
Source: aaa.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: aaa.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 File and Directory Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Link
aaa.pdf	0%	Virustotal	Browse
aaa.pdf	0%	Metadefender	Browse
aaa.pdf	0%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	637763
Start date and time: 01/06/202219:49:05	2022-06-01 19:49:05 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	aaa.pdf
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	31
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.winPDF@13/57@0/1
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Adjust boot time Enable AMSI Found PDF document Find and activate links Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 23.211.4.250, 80.67.82.80, 80.67.82.97
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, arc.msn.com, acroipm2.adobe.com, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, store-images.s-microsoft.com, login.live.com, a122.dscd.akamai.net, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:50:15	API Interceptor	8x Sleep call for process: RdrCEF.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	205
Entropy (8bit):	5.621995976318027
Encrypted:	false
SSDEEP:	3:m+lvns8RzYOCGLvHkWBGKuKjXKLNjKLuVgjQ/llIZLJRktJ/t/iTFJrqzOJkvP5y:men9YOFLvEWdM9QLjQlKZctji7Z+P41
MD5:	A98454893864892A34AC1FE3BF350E1E
SHA1:	3763C3FEBFBBEDBB02EC2B70937FD14A18E00F8A
SHA-256:	D3E8200B9701778EB305E81048767AA08C048CC038C989A79F67FC57B3D57521
SHA-512:	9B1FD82AE64DBBFA60757632BB233A1FDD85BAAEA90EB5A371861C524B677F8763E46F081834DC71FC27CF47CA074F0FAFFA5BE50DA0AFE5706DEB33AF4CAAE3
Malicious:	false
Reputation:	low
Preview:	0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ......>/....."#.D......A.A..Eo......?...............d.{v.^.G...d.W.:...P..k%..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	174
Entropy (8bit):	5.562019634990087
Encrypted:	false
SSDEEP:	3:m+lF9NX6v8RzYOCGLvHktWVNowqQl/lb0akRktHllte98fZe/O+/rkwGhkg4m1:mi9NqEYOFLvEknowHt1tI8Be7Ywcr1
MD5:	D3B657DD672CB28ED10A922D7032884D
SHA1:	8A07A421283603E61E7D51C8F2191EAD8BF6A8DF
SHA-256:	8F4244DF3EEABF036DE66FAD340D53950F7F1BF44442DF84229A67F6ABA22B4C
SHA-512:	08C877D1742E9F7CF011AC423DDF67F80F7FA701F214A8C41887216C6FAAC710F6D687A95D42CDE2D6564D329D8CF1912FE2C549E61AFD8D46EA86FAFF31E9FB
Malicious:	false
Reputation:	low
Preview:	0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .h...>/....."#.D.6...A.A..Eo......v...........1.x.'.vI..*\|Z..o...+.4....0..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	246
Entropy (8bit):	5.582357731570362
Encrypted:	false
SSDEEP:	6:mMyEYOFLvEWdVFLBKFjVFLBKFlQhufcalm9twlot/RlUoSjGY1:DyeRVFAFjVFAFDcaQ9aotZlUo6
MD5:	F2C2CB225D17A7EA30CC9BE642E64115
SHA1:	E42A4677C466EA1DD9395185A6D1639540063BC5
SHA-256:	910553088046AFCB24E496B2E27F9246FFFB25D01A5300E330707179FB159177
SHA-512:	F742C9F7B79313CDD5648B2F821EE146920C5281BEAC4649BF49485B3D10C4FD3887ABC27A5FDFF31BA4B72188D439DD1306DCC2876189528D910850628314AE
Malicious:	false
Reputation:	low
Preview:	0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ......>/....."#.DC....A.A..Eo......&IM...........hvDO.N.t@.....n.*...... ....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.636642581224908
Encrypted:	false
SSDEEP:	6:mNtVYOFLvEWdFCi5Rsg4w/YtfNlTuiWulHyA1:IbRkiDcwwJNlTjWus
MD5:	A6BC2428DB84B40CCCBAF365C9355A3A
SHA1:	4D6701157254A45F28EA63A9380E822B8D73A66B
SHA-256:	E5611B8B02E984D9D6ED0E5EAC3D190DEF70FD79885655EAEE772677C237864D
SHA-512:	FC5FE2562670AA1E580D135373AD959B91B8C349B94F4F990E88F91215C3C3E02DCA30F74E9005EA0874827431077482641505335903FFB9A5236AB486C2D6E5
Malicious:	false
Reputation:	low
Preview:	0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ...h..>/....."#.D.Yt...A.A..Eo......5.0...........8 P..a...R..Y....7.@..2Dm{..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.56289275493161
Encrypted:	false
SSDEEP:	6:m+yiXYOFLvEWd7VIGXVuMJlti9tpVyh9PT41:pyixRuKA9vV41T
MD5:	4E09890A2FEFF7F89A2F6282CEDBE7D6
SHA1:	4956A018440F44D453DBBE9914E37A2BBC9646F3
SHA-256:	32B751CF35904320E3E4EC05E8C5BA3DBAA12230B078EA8ADE8090D83F1380A8
SHA-512:	193567566118D4F0FE6CAFB71325AEA14F872BB826F3BC58DEA94F0CCE9432DB1F97161E7D11231EAC4A897D53266FCC82A09F6852B3A9CB92578FE4638E8D2D
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js .....>/....."#.D.....A.A..Eo.......w..........k.Q.....-_..y.....O...>..1....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.6344020134890735
Encrypted:	false
SSDEEP:	3:m+lifll08RzYOCGLvHkWBGKuKjXKoyNjXKLuV1eqZutld2ZLk6RktAhtlxlYo2sQ:mvYOFLvEWdhwjQE6zck9tq3ZIl6P41
MD5:	B936C26ACF7228553637FBB906FB64CE
SHA1:	1D9996B6E2714F7DC99CB8B5EA4F6F7DDD9FBDA8
SHA-256:	426EA52ABA490DF6A569AF4C31E20724E29BCDDC9AD1D206FE2868CD455D2E0F
SHA-512:	51F2447D13FDDA984032CC8DFF36FCC4626C686EC6521D8BF8C607DE2C9F73C3505460C563C9C2942384C06A30DB0AD4157D46CE25B55CEF7FCF1C0244723E3D
Malicious:	false
Preview:	0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js .&....>/....."#.D7P...A.A..Eo......I;..........].>....uUf..N...k......c..l.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.545254648643578
Encrypted:	false
SSDEEP:	3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuV/wQ/ll1i9kRktv1VcyxMtv9G:mJYOFLvEWdGQRQOdQHQlfi9tvbD6g1
MD5:	BEFF7C53AC94EB846FBA4F10E3594FEC
SHA1:	EB0203B5A825731E102E921B152C60E7EB073B55
SHA-256:	6E56032BD88F5ACD1878F73DF279694179739F8A6C592A4C53EFEE1DCF79011B
SHA-512:	2C4E86F873B80D7EE867068EB04FB170D0F19E7F71AAA5281DA3A1A408905DE4794D7105B79F8ADDEB8CFDEEA230DC41CF72EAB2388F03DE0851A1B88E48822D
Malicious:	false
Preview:	0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js .f....>/....."#.Dw....A.A..Eo....................c..y/L....\|y.n..C/I.....X7-ne.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.5543151221831755
Encrypted:	false
SSDEEP:	3:m+lLp08RzYOCGLvHkfaMMuVElul4c39k9kRktjf/VQMWqg4nRb7om5m1:mOYOFLvECMLuuWcitjf2uR/41
MD5:	45917A461B0623C4C3A45F72288C9423
SHA1:	23DF2C4A713631128489F6681F41B748C39A996D
SHA-256:	B280349B9F3453AFDE5A563E77E8AD27FD59AE7D1AD5AC1554A3F41B2883FC75
SHA-512:	889F9B21BCD47C75D0BCE55F15225FD0AE9E4511B6C82AC97489BF9D76B1D19C0675E146D2BCE1AB2069B83120FD8C18FDB0803B370A0C571B630DB36C8C50EF
Malicious:	false
Preview:	0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .....>/....."#.D..6...A.A..Eo.......!.~.........y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.532441048627083
Encrypted:	false
SSDEEP:	6:m4fPYOFLvEWdtu4/lscttby0zBUKSAA1:pRJ/6c7b
MD5:	0F05CBF9907EE6BEFF5A4AD729D63735
SHA1:	CFEB7B91EC61256469D9C4FA7E0AE5A5AD28338B
SHA-256:	02FE191852ED34E92BB5018D1AD457941BB218A9FB560427E89E8138D7D409DA
SHA-512:	DB9D7D7B29DEB146640590C8FD3A8E32D33190C3EEBE960EE89ED0962D8656CDB04F248AF7DF5DB39B956D35361302C12EEA1904AF3F0664A8FCEA04C2435F38
Malicious:	false
Preview:	0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js .....>/....."#.Dg....A.A..Eo......d"~<........Q..E.=....=h`t..t..3%A.F$..w..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	177
Entropy (8bit):	5.4596494023361295
Encrypted:	false
SSDEEP:	3:m+l64HXlA8RzYOCGLvHkjXMLOWFvRfZb+/l3Lk9kRkts3Md1dn76KohyP5m1:md4HXXYOFLvEjMSWFvtwqt1jUdyP41
MD5:	48DC1CB2122939586873850B84F17C00
SHA1:	3FB83E5674BF63AAF978CEF667A393637F08EC01
SHA-256:	7504057CE84558BA6A38733CF86D83F27CD9544A48CA27CCB609D9E107DE6329
SHA-512:	1E7075CF3B4C55343705F2CDB5923D57B4F3C2A34FB5EB15FC9520E67BCA5D51DDABE5DC41D8C4975E33CC8F271F9B87ABB0431B8BC1A949C0F31379E0D4835F
Malicious:	false
Preview:	0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .....>/....."#.DH.6...A.A..Eo......HA.g.........PU ....t^.....a.k..u.7.M.BW6#}..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	187
Entropy (8bit):	5.584032485020146
Encrypted:	false
SSDEEP:	3:m+lpSUlIv8RzYOCGLvHkWBGKuK2fKVL+KqZ6lVfJ6RktqtRUPqf9tsDMaPV44m1:mkl9YOFLvEWsfOL+f6DtHPqVyM+VY1
MD5:	5ED64AB2C6800FDEC735DC511A8BA95D
SHA1:	CF360BA5251BE0FF070E213D6E5A4E899BA35972
SHA-256:	0169A29ED4AFECDF9709C966F3194697FFB18E7F56D9351D43984B6E6C669E02
SHA-512:	574653F6D60CE6E5E22F6DC6331E6DF043283C8AF713D04290F1868EF9E04E99AB11DCD5BD80989C1E39784802D65DD23E8CD4A81D654F7447401959F52BD2A9
Malicious:	false
Preview:	0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .....>/....."#.D.....A.A..Eo.........}..........q.O...j....._y..L^z...?..@N..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	244
Entropy (8bit):	5.568233214483599
Encrypted:	false
SSDEEP:	6:mt9YOFLvEWdVFLBKFjVFLBKFlypKlllbRxQtaZotwSeKaT9pr1:URVFAFjVFAFCKlTRxQoZotwSeKaTL
MD5:	080895403F26FC9EE5D4532E424E01CF
SHA1:	56F5B9C7FE4213906EFB2857B060C437047B99A2
SHA-256:	762B6ACBF87733F14218306B9D599157B7A5730929878FF70663F7C4D4A456C9
SHA-512:	B8C612163BDB9175AC22AADD46D7F2BA4E52C2FAC18FFDFBA2B3400A7F37AFA07AB4BB074E4E70A8FEFEF0AF68C2295245CA1AFFBD6A25367B5E7C1137AE967E
Malicious:	false
Preview:	0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .A....>/....."#.D.x....A.A..Eo......>.................H...{...2../.k`..r4.C. .A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.5053673514192445
Encrypted:	false
SSDEEP:	6:ms2VYOFLvEWdvBIEGdeXulvlbPJ9tYI11:BsR2EseOt/u
MD5:	7EB084FA4938B9C350A21882073CEB1F
SHA1:	C4522841F64E7D444E155557F1963F6CF2BC4AB4
SHA-256:	0BA1536EDD0F9BB324B7444EB2507C0405F95E5EB83DB980873C7D1B7A04D57E
SHA-512:	CEFE9814F6A2A3AEB376885E0970F73F19D7D24662A9AE318AD1E0F3A4E9EA34D162902D86C64D27052BEF085C35AD7C9055BD6CE22DBB41B0512F463CA51AC5
Malicious:	false
Preview:	0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ......>/....."#.D.R...A.A..Eo........#S.........A.o]@r..Q.....<w.....].n\....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.642191686872558
Encrypted:	false
SSDEEP:	6:maVYOFLvEWdwAPCQbeNrck9t7Txm7OhKlvA1:RbR16D1zFxmJ
MD5:	D585E335999A5FD2F602773BE13500C9
SHA1:	2F82BF750F7D86E30731555CFCA986BC987EDF67
SHA-256:	57C59BC9AC195BDBA7F7D7A0462493954C648BB5492D334E00947B6B973AEB26
SHA-512:	C94C9069EDA38A70314B7664F6025713405EE6788F060BF1269AFA3F603421EBE18F82B69A111DD36A7A470FAF0C3486D3B54C25BA8A52447282556A0054C35C
Malicious:	false
Preview:	0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js .t#...>/....."#.D.....A.A..Eo......\|..:..........4T].....Tw.....(..b...EO....9.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.584664981352228
Encrypted:	false
SSDEEP:	3:m+lx2gv8RzYOCGLvHkWBGKuKjXKX7KoQRA/KWEKPWFvxdaiqlllVsbkRkt3lVdFH:ms2gEYOFLvEWdGQRQVub5elutndFt1
MD5:	D07ECC1E32BA22D78C61E46AF24BCBF8
SHA1:	2251285A575631CF9C02A6586B508DC7AB4043CE
SHA-256:	26C6EF1BA2EF43F83AC15D2D864BBE9A49B6FCD0598DA798D7AF4C22F3B2DAE2
SHA-512:	8EA39AD99165F1C9F3C8AB615BDC83EC6EEF1C6F55D21FF1FE3D9A97D176446FABF4F61F5624E525A194619AA90F9250620813F320B22702CDE2CA8C912E9726
Malicious:	false
Preview:	0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ......>/....."#.D.I...A.A..Eo.......~ .........@..{o]...9o\|..qY....T....{..u.b..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	206
Entropy (8bit):	5.596819938885586
Encrypted:	false
SSDEEP:	3:m+lerlyv8RzYOCGLvHkWBGKuKjXKX+IAHKLuVSNlVzuekRktZ//l4EnNWQ1SUm1:mzyEYOFLvEWdrIOQl3btZ/GEt1S/1
MD5:	C06A8F5A6CF110EDC59C0659E1CF92D2
SHA1:	6E425CAA21A7045D9EB9EDEF7984FEB4B468FDFA
SHA-256:	9AF64B5ED67D6B02176B342F5BC19133D139D94A1DF48BD5FE095E2AD6F74B6D
SHA-512:	D18B3FCEC90ABF4B1520DC19DF327CA39F0422227FCA9B8360F67CF0A1B3B0E222C72DB9293F7504F83A70E219E2629C75B4BD0638E9FA1CEB6F9591068B36D1
Malicious:	false
Preview:	0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ..R...>/....."#.D.....A.A..Eo......%.>B.........t\a......x5.'OuE.C..@......x..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.572486249762836
Encrypted:	false
SSDEEP:	3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFv+0Ql/lEwL0kRkt//SlwJNqww6U+o:mnYOFLvEWdhwyu9Qtqdt/KlwrqwK+41
MD5:	DCD0ED8C26693DF304D4D04FFFBDC93E
SHA1:	42F05E665324E217F59D0B59C3DF5E19C97C30AA
SHA-256:	A2D37F3589A3558089BAD716617D2F590DE04567E45E62D33FD9B96C18EF3951
SHA-512:	B6DE09FB2125431034C8EF1D25FDA4268EE761E423C7A04ADBAD149F71004F317E2F57BA7D6B8765F242A4A8CFF350D15B8832D716AF9A1156581782D5F3FA94
Malicious:	false
Preview:	0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ......>/....."#.D.....A.A..Eo.........................7...o..a=.98I......(3.$G.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.585589061354687
Encrypted:	false
SSDEEP:	6:mYXYOFLvEWdrROk/RJbuzHuAz9tD4fO441:/RrROk/8Np4fL
MD5:	7AB75EFED1ED72C3DDF9742FE534EE13
SHA1:	7B9ECB2E0C91F167B7D01D608C986DF97213AC11
SHA-256:	B950BBFF1592AE6E7759AD3A80F02E262FA64F5E41660E97B6C54B0E467239FB
SHA-512:	8D31DC50F7FAD42B8F13358FC4CDFBC23E3748191EF85E86AB44F4734A976531EBD1F5E1D1AE77EBE189592013F9CE1FFB91A0809CA88578DBB0622D560D322A
Malicious:	false
Preview:	0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .<....>/....."#.D.....A.A..Eo.......uk...........~..rw.+[....!.)?..f.U..(=.=.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	186
Entropy (8bit):	5.595505140425618
Encrypted:	false
SSDEEP:	3:m+lhD4ll08RzYOCGLvHkWBGKuKdTSV5Si6lG+RktxtlHzoIN1OFPL4m1:mmDEYOFLvEWXIN6oBtxtpzV1QPLr1
MD5:	139C15FFDE4BDA73650F3A4BAE77764E
SHA1:	F551B7809E0CB6035B7E7FBEF00D3DFE0F15FDA1
SHA-256:	EB09AB238C3D34777A01903C3F4E88FDA829625107F9D6F6F5DE06CAB3748A76
SHA-512:	BCB750091074426806ACC29B5D6DE8045CF05C57EC21C07EC156D6116B09961553FF5D1BD7E60A4A03F170F3C95C313F20659D325F5A578B1E4A6FE16E2780C1
Malicious:	false
Preview:	0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .4....>/....."#.D.....A.A..Eo.......l[..........~]...%s..<...n.f..<.....1#..U..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	207
Entropy (8bit):	5.625618635370151
Encrypted:	false
SSDEEP:	3:m+l+nq1A8RzYOCGLvHkWBGKuKjXKLNfKPWFvLallBhPAG9kRktkitm8D6EsEJeUy:m52YOFLvEWdMAuUl5PJ9tkEvsEJ41
MD5:	2D0C50A984713B023266D5D49D1E0C27
SHA1:	76A01A2310244B65F0AAF7554B9D44A4B049EC91
SHA-256:	83AB5E27363E730D80C8146A039384D61B49867203139DF1BA42D63D1E08B8DA
SHA-512:	AD10E1CBD0A745A289E2CD56A03128060DCA75BBD41B167623B4B4911106CC855B0AAAC6F244FF0E92E59DF6FB77838CA0D5FBF38DC29871AD6124CAA1B387D5
Malicious:	false
Preview:	0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .o...>/....."#.D.....A.A..Eo........M6..........z._a...'.v.......4p3..1.']...A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.583998485910322
Encrypted:	false
SSDEEP:	6:mYilPYOFLvEWd8CAdAunlQlTi9tCc/4ong1:6lJRklB9h/4o
MD5:	3A044F617F640679CFEA2BAE90582FBD
SHA1:	5BC6950AA5AEC6C371CCCD95160DECBE4EF642ED
SHA-256:	D5C157F5C7062C3F91C48CCB8BA7C21D24461D10FE4B09B6C119D9EB15DFD7DB
SHA-512:	73EDAE6C5DCEBC16432253C11F02AFFBC03BBAE6D53AED78F5A48D79057647898BF79CE502C0770D03AFEB0976D57A7B228B06C734CAD3155013DEE61256950D
Malicious:	false
Preview:	0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .(....>/....."#.DQ....A.A..Eo.........A........c}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	223
Entropy (8bit):	5.549506866262095
Encrypted:	false
SSDEEP:	6:mY8nYOFLvEWdrROk/IurbuwYt/9NDN16wG1:F8hRrROk/NbUV5
MD5:	2979D69FBB1DE50392183E3E8EED99F9
SHA1:	3C9E472D4D6CB28604AA42EE531113F814591313
SHA-256:	4281ECFD03AD719B22789E31E275276A6B46A4F8C3422E6C47E36A7157D978E6
SHA-512:	B6887115385E17F3F7521E9DA79958E92081EF30009F802524EE665ADF3018FA6EE64A802C38558AF0A7D6A0DAD5106B840BF2B871C7271E4A60AD8C5C47D188
Malicious:	false
Preview:	0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js .n....>/....."#.D.....A.A..Eo......s..g..........%.k.SZ..~W.....:)'B..ad......A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.655939837535185
Encrypted:	false
SSDEEP:	6:mLrnYOFLvEWdrIoJUQYNKctwSllQeJIi1:ehRcvy1eJI
MD5:	ABDADE320AE84C1ECFABF4AFD6962CF2
SHA1:	F7C1A6119397D13CBBDAD08D32287E16F03855EE
SHA-256:	CBABFA9F781AB54DFF82079371DD36FBC0DC3493F429EE794BED12654995627B
SHA-512:	4A6AEB2B2EB5C1890F5E0BA683918F773EA8886CB6456692516F7991D91A825B52C839BB86FDAFEDD0933410C609532AA47DB28CA3573D7FB7BE029F83F74E90
Malicious:	false
Preview:	0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ..W...>/....."#.DX9...A.A..Eo........Ok.........;"./N_.,.:C..2....9L.H...3:...A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.574481465117843
Encrypted:	false
SSDEEP:	3:m+lQ/pqv8RzYOCGLvHkWBGKuKjXKX+IALKPWFvUKdNlL2MYJRkt3BlXP6mgmOZLP:mOEYOFLvEWdrIhudkct3Bl/zgm2d/1
MD5:	D26EBABE6AC4850D0351721A000705A5
SHA1:	84D1520BB9A5ABCE59EA9A8F04844B2157A6361B
SHA-256:	94B94A86DC20735AE8FC99C026D59A77F8F0F992F3E2B38FA16DAFA16D52CA2E
SHA-512:	41387DA71E9BACF55A2D5023EC6B643629E8CD2C5F47880F0022983568280AD4AFFB970BB4F06FB21CCF5BA45AC7D48B90EE6C0460D5DDF4D6A50190379838C8
Malicious:	false
Preview:	0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .....>/....."#.D.....A.A..Eo.................Z.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.585043797161186
Encrypted:	false
SSDEEP:	3:m+l8UElLA8RzYOCGLvHkWBGKuKPK7CvxlllQsNZQ6RktYlWBiaQ562HvpMm1:mAElVYOFLvEW1K6l+s4tYRx56uvp1
MD5:	17A73EF7868D0D9248179B33139FF158
SHA1:	5EF7FFE79083DD84F394141A4708A924F62CD51F
SHA-256:	AEE3B5BDA52B4BE8F2606C0C9156DB16089F572BFD68FFF28758CFAFA579F926
SHA-512:	96C40F4943998637111FCAE40C4168407D9A52B8D88EB76271EAE389F0E89C77C6267BE99BE055D1736BF34BE467D4C707D00C594599C74BF32BE1433F9A9EFC
Malicious:	false
Preview:	0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..p...>/....."#.D..h...A.A..Eo.......:..........z?...SwC...^..y.....V..7R-O.....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.636894547930709
Encrypted:	false
SSDEEP:	6:mWYOFLvEWdBJvvuhlJCBStreUDLYtmOZn1:xRBJeGclLDcFZ
MD5:	E69847E507524F7DCA2C4B705ADEB445
SHA1:	4FEB40785ABF64EAD02B8C39275906F322735149
SHA-256:	36F50F7A116D1E262BE04E663AE6ADDA7A490F0AA23A2053CA293E8877FE16A0
SHA-512:	8863AB1936B9BA2F8979A56594025A0318BCB811FFDE5A49D83FFB29592DCD5028F84976A270D58F1A79BBE55319A6FFF5715C90D79E73481F08DD9091F60EC4
Malicious:	false
Preview:	0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js .K....>/....."#.Dfi...A.A..Eo.......G..............t.q..W.EZ....1...[.zC.7mD..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.596656827953738
Encrypted:	false
SSDEEP:	3:m+lxCq//6v8RzYOCGLvHkWBGKuKCH6U4LJzWHK7WFvlqluletbBXRktElXpSKGop:msRPYOFLvEWIa7zp7rww2tE98VPu1
MD5:	6762698DA8D4FAC3B2614CDEBB05CEAD
SHA1:	CBDC6E1C0614CF198F7F716AB8A51FD2A757DA3A
SHA-256:	A63B75D22642ACFC0596103B218DFB2870018644C26BE837717DC7614445556B
SHA-512:	A88B1F10BA80E4A77EBEF2052526CE3541BBE7003E595263D189D5D69E58E4A4677575DBA4B94AC4222A8C17FEF1D67FF14D93897994F77ADA315CD7E57DB1AF
Malicious:	false
Preview:	0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js .....>/....."#.D..8...A.A..Eo.....................L...Im.@.........E.nW...IP..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.594079421597542
Encrypted:	false
SSDEEP:	3:m+lQi9lC8RzYOCGLvHkWBGKuKjXKVRNUpXKLuV9ei6l4G6RktCC6F4XVAZ+8cV3I:mKPYOFLvEWdENU9QA69t4wiM3Y1
MD5:	C119770C4689C3F22F7895125D037CE1
SHA1:	D293FD14522D2FD51C0D63146D8B0D356BF35AE2
SHA-256:	F34DAE614366F021B25A2CF09A74289F35C977F884EEA1AEB5CF9B4B418FC5D2
SHA-512:	2A52E19A865ECF8E86C4BE17436E4595C1F766CBFDBFF6C2EF9F839EF035554874BC13A6AD9037B514EA8B7800199F113E10F15E56BDBA79849A21A33CFCE3AF
Malicious:	false
Preview:	0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ....>/....."#.D.z...A.A..Eo........d............M....m+lS..e.....<7.U.P8*.0K.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.5969163949907275
Encrypted:	false
SSDEEP:	6:mQt6EYOFLvEWdccAHQzl87QtAIjBRCh/41:XRc98eIDi/
MD5:	C9F6009ED9CFA9C716482345E5611569
SHA1:	0F07E7B0AA753DB6AAEB7E55AC865DD3D711D581
SHA-256:	7DC62FC1CFE8DE310BA0CF2DC10B66BC6FA7BA3570E34277F70C5411EC08C003
SHA-512:	9C841679CA267ED1E69E9B71F67CCEC3AA57D92918EB77E0F19AB044E736F684B2576DE1A0299CBDF819359658BE920747FCCE9B4480799DE38075C37C8D5B5B
Malicious:	false
Preview:	0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js .9....>/....."#.D.D....A.A..Eo........0.........PJm...0x.x..RD...BB!@5..<..]....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.522914491478078
Encrypted:	false
SSDEEP:	6:mqs6XYOFLvEWdFCi5mhu1XtdMqjthcqX/kULlF4r1:bs6xRki4SIqX/7LlF4
MD5:	F4A9336D92D444778902460DA2FC5B2D
SHA1:	D765CCD05F6CAD8FCE7F9A9F5312FA7F5D39945B
SHA-256:	F8D1995501E1E7B6A5646A8231143829C9227D2A36B4D8FEE1D59DA23B79D2FB
SHA-512:	D47395760B2CF92F21063B97DF702DBE79FC8BBB58F8CB7AB462034ED08027C098FF109546A07B76D1E51A2746D98414E491B27CE0DC97391A7D828790AAA098
Malicious:	false
Preview:	0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js .:.e..>/....."#.DM0n...A.A..Eo.......t9c.........P...#4..l....5...5..).w.. .h.~..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.500770621444411
Encrypted:	false
SSDEEP:	3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvjZjZullllVmRktcFXECcu1isLKo:mhYOFLvEWd/aFuJPel9tcFEN941
MD5:	64FB0BB96782C1BFD921CE4E8B0E1403
SHA1:	13E61E197DE0D3B83DAAF7303A5429E979AD25E7
SHA-256:	6C4A55723198A502888778FBB854648B4A7309F69D9A7C42FD1587A3D8619A8F
SHA-512:	E5246A718E16905ED68030BD64B62F23ACFAB305BAE6C81FB5C0E950BE1D86EB8D7EF3B3395E56A3A99528B48F9F58CC16F5F3FD41A0368306CD4865EEC22F43
Malicious:	false
Preview:	0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js ......>/....."#.D.....A.A..Eo........&p...........a.f.m.i.o.p..3U5.....^...I.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.520139474791017
Encrypted:	false
SSDEEP:	6:mR9YOFLvEWd7VIGXOdQn/l8LyntzBMqVd3G4K41:2DRuRuTNB9Vd2
MD5:	0DE55E8A37AE646F93B53A8092F1BEF5
SHA1:	26F91EAAF3F8EE7CC1D7D1C7D564227D0B158160
SHA-256:	ED414107F2F4A1ACB2239CDE0F5D1F470DE9299E7BAAA1C546683ABB5C6F9D38
SHA-512:	03B35B11C418B25B536A0257EE6DC768E68484FB982CFF45538748123C66C3459253643B8C3298C58F8ADB215E3A14EB2D98B60AAAD44AA085BB2F7FD8E50ED5
Malicious:	false
Preview:	0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js .e....>/....."#.D.....A.A..Eo....................y.$..$.v5j...T...z.]..._S....A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.587176820236099
Encrypted:	false
SSDEEP:	6:mkqYOFLvEWd8CAd9QXkH/l5tluA424r1:+RQx3qr
MD5:	27EEF77A611E2557E384E35270D7116B
SHA1:	B4CDBE7E345A0CC25191340D60E2AB5FFED5E7A0
SHA-256:	CF9ACECDDA8DDAA1F43AECAD8D2608D8CB8E405E43398A0763AA465860781EC8
SHA-512:	769FB384273E6DE1BD0D214631E6F3BA1DB39C71EA26B0F63C62A47F5774A326CFEC8AB377C7AF44431FC0C24CFBF9FBB3378F6CB7EC6E1929B3D91A2BBFBDCA
Malicious:	false
Preview:	0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .d....>/....."#.D.3....A.A..Eo.................#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.567215520233991
Encrypted:	false
SSDEEP:	3:m+lS5Etla8RzYOCGLvHkWBGKuKjXKVRNUp/KPWFvID6lUekRktXt7Ag2iHio/Mm1:moXXYOFLvEWdENUAuC6q+tuyC8n1
MD5:	8D346D2883C84A2323D26408E79A8465
SHA1:	0C3C38283F698FBD58FD7E124FA2F2381F713B3F
SHA-256:	1174CEABF55985E153E319677DE630DBA8E3AAC7685730D0E237EF430AAAF7C1
SHA-512:	098CC78D92B7319CB0D0F2698DA57D7D0F99DA36B20342E174C9CE07C79893AC8FBB2E3FD66F20D90BAC4DB69CFECA28B0B51066DABEA39E3F07B553458354A8
Malicious:	false
Preview:	0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js .-....>/....."#.D.....A.A..Eo........{.........8.../...;.\\o....1..........+..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	221
Entropy (8bit):	5.578705902423311
Encrypted:	false
SSDEEP:	3:m+lFNrs8RzYOCGLvHkWBGKuKjXKeRKVIJ/2kKLuVN96lH0kRktm9t/XsYWmYk5m1:mQZYOFLvEWdrROk/VQZ9Qtmf/sLmB41
MD5:	9C7503128B806ACCBFB0F3F0827F4AA2
SHA1:	DAA928CA8B069FF3F441AC13523AB58A10ADB8A9
SHA-256:	2170F10CCCB29464C4DC1B4610764BD5BF8A3DC3C0629333D9BC618B76F4A639
SHA-512:	DACDA726980A0CB407CED80E92CC85EE9ED8F5B15B221FF1A3C98FF5F4327E4F4ED3C4BCDDC4FF12485C5F3B31DDBD1589D9B6D49BFA18902A474C86A9577017
Malicious:	false
Preview:	0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .yY...>/....."#.D\v...A.A..Eo......n.uZ........ ./.ev......N~..6.b.....$.j;:C...A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.587682504461871
Encrypted:	false
SSDEEP:	6:mZ/lXYOFLvEWdccAWuRlz9t4mLdm9741:qxRcvZ9JLdu7
MD5:	2BEF3CB52DEAD59E12BA122F4A8F4F7B
SHA1:	281E6AFF79582BCA2E91848EFF4A4C2CBAF67290
SHA-256:	2709AD62EAD61E66EC7970E232A3A2925E7E62AE528AA3755E72AC0E704B67EC
SHA-512:	3E87EC5BEC3E881DAA6D4926C1750B644B45D72348085C610C3B1EB299A386480665AB158ACDAE4D4C6EE0B02B19D8B442CAC4FA1E79A232543DC788BB7B85B8
Malicious:	false
Preview:	0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ......>/....."#.D`?...A.A..Eo....................U...I.>P...X...x..0U.~;m.x.k.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.587935151934223
Encrypted:	false
SSDEEP:	3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFv8Tutl0Q9kRkt2GB6shoq+Nem1:mMOYOFLvEWdwAPVueatKctzB6Jn1
MD5:	7DB83F54CF5A709CD6A7E127AED91803
SHA1:	846156854A01694C9C9C47FDA7E85032676BDBEE
SHA-256:	F39E75080F619CD00ACDF7164F9F4D583292232D570ABED0FCD6037CD463FCBC
SHA-512:	0727F20046161411F02111DF739259CB47D2CF30E83F899E7D189D89552CF9BC557085078F6C3DFE62C616780FB6677E05FCFCF150C116FA1D64BD28CD948CBD
Malicious:	false
Preview:	0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js .D....>/....."#.D7....A.A..Eo.......G...............k....F..D..O.n;[.1m.....=..A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.610999286669094
Encrypted:	false
SSDEEP:	6:m3PXYOFLvEWdBJvYQtlelcxQtCIhcsBXIh1:mxRBJQ6cHkgB
MD5:	743CF6495943CB0E5B003994F91C8465
SHA1:	540487864B85705D863FDE04F88257262D7BB9D4
SHA-256:	FBF7BF24829058B0FD632B465A9041BFAE2828FFE4858DB0DF4B5EAD7A09E53C
SHA-512:	0BACA5550963396520EF57478715B99C806C60727D907AE6ABE22982139EEE4FCF247F2D61725C5B0B285539FE9D5A9F5A3B7F87C8F93F330EE288319C729139
Malicious:	false
Preview:	0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ......>/....."#.D.....A.A..Eo.......N.,...........k..`..N3.... ..d..$[.....{.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	228
Entropy (8bit):	5.592712726622498
Encrypted:	false
SSDEEP:	6:msPYOFLvEWdrROk/RJUQ+gZQ9tvXZc3Me/1:3RrROk/s19P
MD5:	E03DBF93124851470909693F3C2D276B
SHA1:	77EE61146E9894B02890AAAE84416F2A296F6061
SHA-256:	56D50E0DDDAA44BF14EAF88D2E1708CFB8909B5182F579BBDE02AA4A11F719A7
SHA-512:	AC61AD13DE31EB33A619FBBB502DA2AD74D1F7A1B884FF62FBFDDF2E2890FEFBBB1CF7C545318E7B0DED09208789E4A27A0B8C93DDB83BDEB43C72F2307C0D12
Malicious:	false
Preview:	0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ......>/....."#.DP....A.A..Eo......!...............9Q].8O.z....=..:.N.{....N{.A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	Maple help database
Category:	modified
Size (bytes):	1032
Entropy (8bit):	5.0869047911882825
Encrypted:	false
SSDEEP:	24:GhAbwvTsI3fJsMkgM94+iDL4S4srAymsVz4JCPgW/ZeybIyIL4iMwaJPVMy6Nqn:GTHb747D0ND3
MD5:	931F16EF0EC7855132381E3A6AD77DEF
SHA1:	240B33308832DA232E4B595E297A2ECDD4A608E0
SHA-256:	DFD4260FBA6438E7A0FCDEDA2D5C133F97A69A717C0D78EDD4AA58A90FE32FCE
SHA-512:	3C8DFACFFB4389236B1F6C4E27E4F2185D328B5A55C07F1A924FE82ECEED6A7694164BC5311995B6AD6A6F04E56782FA258891A004A12ED8F304C0E714A07827
Malicious:	false
Preview:	....Y`7.oy retne....)........T............3........>/..........v...q..@....>/..........C..M.....k...............#...(...k.............]...I.@.\..>/................@.\..>/...........6<\|.......>/.........<...W..J....>/..............oB....>/...........a........>/...........;.y~A......>/...........P....V.....>/.........F..=z;......>/.............o......>/..................>/...........2q.........>/.........Gy.'.h......>/.............k7A......>/.........:..N.A.......>/..........;/........>/.....................>/............P[. q.....>/.........,+..._.#.....>/..........J..j........>/.........A?.2:.......>/..............q......>/..........u\]..q.....>/.........!...0.o.....>/....................>/..........o..k.......>/.........^.~..z......>/..........[.i..%......>/..........+.{..'.....>/............MV3.......>/..........@..x......>/.........)....J:.....>/..........&.S.........>/.........+.U.!..V.....>/.............D.4......>/..........~.,.4>......>/.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	Maple help database
Category:	dropped
Size (bytes):	1032
Entropy (8bit):	5.0869047911882825
Encrypted:	false
SSDEEP:	24:GhAbwvTsI3fJsMkgM94+iDL4S4srAymsVz4JCPgW/ZeybIyIL4iMwaJPVMy6Nqn:GTHb747D0ND3
MD5:	931F16EF0EC7855132381E3A6AD77DEF
SHA1:	240B33308832DA232E4B595E297A2ECDD4A608E0
SHA-256:	DFD4260FBA6438E7A0FCDEDA2D5C133F97A69A717C0D78EDD4AA58A90FE32FCE
SHA-512:	3C8DFACFFB4389236B1F6C4E27E4F2185D328B5A55C07F1A924FE82ECEED6A7694164BC5311995B6AD6A6F04E56782FA258891A004A12ED8F304C0E714A07827
Malicious:	false
Preview:	....Y`7.oy retne....)........T............3........>/..........v...q..@....>/..........C..M.....k...............#...(...k.............]...I.@.\..>/................@.\..>/...........6<\|.......>/.........<...W..J....>/..............oB....>/...........a........>/...........;.y~A......>/...........P....V.....>/.........F..=z;......>/.............o......>/..................>/...........2q.........>/.........Gy.'.h......>/.............k7A......>/.........:..N.A.......>/..........;/........>/.....................>/............P[. q.....>/.........,+..._.#.....>/..........J..j........>/.........A?.2:.......>/..............q......>/..........u\]..q.....>/.........!...0.o.....>/....................>/..........o..k.......>/.........^.~..z......>/..........[.i..%......>/..........+.{..'.....>/............MV3.......>/..........@..x......>/.........)....J:.....>/..........&.S.........>/.........+.U.!..V.....>/.............D.4......>/..........~.,.4>......>/.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.1391189557055545
Encrypted:	false
SSDEEP:	6:nROfjfq2Pwkn2nKuAl9OmbnIFUtqVCROfVWhZmwYVCROfVW7kwOwkn2nKuAl9Omt:n6bvYfHAahFUtR6VWh//6VW75JfHAaSJ
MD5:	B1A211AE63A17DC51E6682DFCBC7CC9B
SHA1:	C5264DD13DFAE860DB9EE3373EAD457D77858129
SHA-256:	C1142989D5A31EB53CA546B777579D5C88314549740542DB2E990A11975E4C15
SHA-512:	039235E9DAA3AFED3B23C5A2A5F99918442EFB9A1AA23AFB2C64A050A55D089FA10E1C22AF78BF02885F9C189A3A0ADC712E2C7A188923625C9C017A8BC2603C
Malicious:	false
Preview:	2022/06/01-19:50:21.393 1a10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2022/06/01-19:50:21.395 1a10 Recovering log #3.2022/06/01-19:50:21.395 1a10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.1391189557055545
Encrypted:	false
SSDEEP:	6:nROfjfq2Pwkn2nKuAl9OmbnIFUtqVCROfVWhZmwYVCROfVW7kwOwkn2nKuAl9Omt:n6bvYfHAahFUtR6VWh//6VW75JfHAaSJ
MD5:	B1A211AE63A17DC51E6682DFCBC7CC9B
SHA1:	C5264DD13DFAE860DB9EE3373EAD457D77858129
SHA-256:	C1142989D5A31EB53CA546B777579D5C88314549740542DB2E990A11975E4C15
SHA-512:	039235E9DAA3AFED3B23C5A2A5F99918442EFB9A1AA23AFB2C64A050A55D089FA10E1C22AF78BF02885F9C189A3A0ADC712E2C7A188923625C9C017A8BC2603C
Malicious:	false
Preview:	2022/06/01-19:50:21.393 1a10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2022/06/01-19:50:21.395 1a10 Recovering log #3.2022/06/01-19:50:21.395 1a10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.008907738108328683
Encrypted:	false
SSDEEP:	3:ImtV/CuttMTLS/Jf0lt+urQTlD7vt/lcvmllP62/X:IiV1kTLLlousTxvv6m
MD5:	0A339004BCB425813505AE2871E61E20
SHA1:	9BDA040B5589E1B919A259DB212F4CE8E32AAA8F
SHA-256:	46828E139BE167C9E36B556EB137571DE93A29930C366CE0666B1385BC106517
SHA-512:	DA3CE56FFA0538D022A80F7F6DAE1E89586E27FC484E82CCCAADC9EE163BEBBEDA2CAB446D507C622BAE868086E382F5436E328418BB877FBBF0A2192CB61DF8
Malicious:	false
Preview:	VLnk.....?......).0k.....................................................................................................................................................................................................................................................U....n.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-220601192510Z-206.bmp

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	0.1222925809610605
Encrypted:	false
SSDEEP:	24:QJeIIL0DJRMca5iVsarMtjsvaB6aqUaMeLpW7:X0DEZ5itMtjsCqUaMcW7
MD5:	14B9EAC0E7815077BB9A8ED1008FBFC0
SHA1:	DE6984FD4093E8A1208FE0F2189197236CAE1496
SHA-256:	D03A8514943AE834DA8065CF4768FEE3923D624A003DBE03632AC36742016C88
SHA-512:	170108BF03A8D69F13C73AF606E92719A25429B13CAE19F22A562A5C065FC7E66EFC7917EB67825A785D265F763B92CD46E3069C92EEDE933552A3FD6068D7E2
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3024000
Category:	dropped
Size (bytes):	61440
Entropy (8bit):	3.567866345310964
Encrypted:	false
SSDEEP:	384:XeT9dThItELJ8fwRRwZsLRGlKhsvXh+vSc:nkYZsLQhUSc
MD5:	BF98AFF83AB6EFC6C6D89D8661E50150
SHA1:	58B0FE62218335EF90FE2B3D67A8B911DA456308
SHA-256:	69F93A30F4DC934FB6A6D0A674E0F92A6DAF286D3C1F85DB2ED3D72448BE03C8
SHA-512:	0993014AC957072BF242542C070AA79FAEED81C05B062AF9654E69BAC892E47749FF8FD580D73CDDF15D20206BF4C7D591ADD4A6EFD19757AD6814BF81262DFD
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.3114462850468334
Encrypted:	false
SSDEEP:	48:7MN2iomVGom1CQiom8Vom1Nom1Aiom1RROiom1Com1pom1h+iomVPiomg2qQlmFF:7/CLQOhACP2N49IVXEBodRBkF
MD5:	82B3C0C08A98FE685C458C6635C91870
SHA1:	6C6B07C577BBC8C7390AFCCD5A927249BCDD1076
SHA-256:	7CDA5D49BF9F1B3CFCC68F9F460FE6EB2C531116D8523EAACE9B34A604517570
SHA-512:	1CA378B81EE7EE2AEAEFB054C1B99DD64499F622D274AA74A52ADBB2F4F92905F6DF4D5F1DBBE0C80097F81E838FAAF83A601D03757387A45B372E7D89330924
Malicious:	false
Preview:	.... .c.....".............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................W....X.W.L...y.......~........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst (copy)

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	536
Entropy (8bit):	5.17576513886526
Encrypted:	false
SSDEEP:	12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
MD5:	4D5E3CD969F14362210F0473720C5528
SHA1:	AFD90E9888759B809F78E87D5550B601A288A0A3
SHA-256:	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
SHA-512:	B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.492

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	536
Entropy (8bit):	5.17576513886526
Encrypted:	false
SSDEEP:	12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
MD5:	4D5E3CD969F14362210F0473720C5528
SHA1:	AFD90E9888759B809F78E87D5550B601A288A0A3
SHA-256:	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
SHA-512:	B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst (copy)

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	536
Entropy (8bit):	5.17576513886526
Encrypted:	false
SSDEEP:	12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
MD5:	4D5E3CD969F14362210F0473720C5528
SHA1:	AFD90E9888759B809F78E87D5550B601A288A0A3
SHA-256:	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
SHA-512:	B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst (copy)

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	9566
Entropy (8bit):	5.226610011802065
Encrypted:	false
SSDEEP:	192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV
MD5:	63B24EA3A13EAC476D6309BB202EF459
SHA1:	89502C393549C20C933E4553F51F74F3DBE085EF
SHA-256:	2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
SHA-512:	2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:92588.FileModTime:1426577650.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.492

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	9566
Entropy (8bit):	5.226610011802065
Encrypted:	false
SSDEEP:	192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV
MD5:	63B24EA3A13EAC476D6309BB202EF459
SHA1:	89502C393549C20C933E4553F51F74F3DBE085EF
SHA-256:	2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
SHA-512:	2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:92588.FileModTime:1426577650.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	63598
Entropy (8bit):	5.4331110334817385
Encrypted:	false
SSDEEP:	768:PCbGNFYGpiyVFiC0Z8E846BCrcM+xJGvNZlgimnaDYyu:J0GpiyVFih8El6BCoMkmgNaDK
MD5:	30E4E80CC770E6E9D226DA163DB53C20
SHA1:	6F51C0AD7A3A42511F929BD7B364328E8830A139
SHA-256:	0E7777FE76242AE2468125703329FF9DAA779A3E396BEF81AC89920C054BA232
SHA-512:	A3DE47F6762C7A862678AF97584EB99F5BA56A64D521A276CCA5354FA02EFF41CB32FCF441541D963269B24AC5DAB0E5C97C11A3F595EE4B4328203C58AA857E
Malicious:	false
Preview:	4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.6759519140009473
Encrypted:	false
SSDEEP:	12:wwiNiRAxdmNmPlE7EprJQwIdpI5NZMJgF4NJ2RZwfg:IiRAx4NSPprSwgpXuFeJ2W
MD5:	29DB0E735966B4175186D8B1E31433F2
SHA1:	5315462C8A8CE1E704E6AA78DAC8FE04C99119E4
SHA-256:	4CD385E3B8F22E156832D84DD6AB1A5AB5B55968774B70DC46DCD12F33586C0F
SHA-512:	1341BDBA0B522C3AD234FCC09BD75803452A444EDD539AA56B516910CC66CC382190E11F920709EFEE5E1A62C5EE942E4D4A6A59CF884AB7822636EB20D9B36B
Malicious:	false
Preview:	...S.v...:@..hC-.H.QE..\|....l.s...... ........k.Hk..x....n^\|}.]..r..9.._#Z. ...>.....p.J.j_..Tj.....i.Q.....Os..3\|B...lp..?....h=...6K.s4...^..qZ.......;$].Z?.S......U ...lq....J...].P%.. .....5. <Z\|...$D.._.Q.\|)..9......:.$..]....\|-.....$....5.4...;..B3h.f3...s..g..".o.2..>.$...,..b.gP.Q.EC..)..#1.~....H.[..t#.2......X...Uc.....2..k..8$....w?..b+ZsF.0...!.k..'T.U.......epaCp\fw.f+.......U.h3..s..+1.M`-..`.....Y.d.{....C.....I*.....lM..=B.]QV..F...)'....^.2........._CR...Y.....m.C..\|......q.?.u.{....X.J..J................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PDF document, version 1.4
Entropy (8bit):	4.2232015981604905
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	aaa.pdf
File size:	6027
MD5:	638173bf4db5fe2b4d873e92ca73b890
SHA1:	e0f83d04b2a1d6ea33ffc202931d167cc0db0e59
SHA256:	b759ed2958a568df4103c84903704dd5678ea3ec2a7f4bfbd9bca28313e63b4a
SHA512:	148ee196baf1f2c0a28adf2582383a30aa97343f70ad5306ff5f3bef5c7c0df94556e6a508f34629bf3d5cae2d76a4b88706b64a9d7fbf1151ae4b2e66ddc81f
SSDEEP:	48:FU9XYGD1ZdZnSvo6TLRrpxI26huTdjtJakInMR/jvmzTXuVxVVR6lNoD0cx:FUF9hZb6nTz56eYkInMR/q3+VFQlNu
TLSH:	69C13314CCD27CCCE185674617A639058B1FB27778C4AC833DAE4A924F01FA6EE97286
File Content Preview:	%PDF-1.4.%......6 0 obj.<</Linearized 1/L 6027/O 8/E 1835/N 1/T 5861/H [ 476 150]>>.endobj. ..xref..6 9..0000000016 00000 n..0000000626 00000 n..0000000703 00000 n..0000000830 00000 n..0000000914 00000 n..0000001335 00000 n..00000015

File Icon


Icon Hash:	74ecccdcd4ccccf0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	4.223202
Total Bytes:	6027
Stream Entropy:	3.275005
Stream Bytes:	3816
Entropy outside Streams:	0.000000
Bytes outside Streams:	2211
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	14
endobj	14
stream	3
endstream	3
xref	2
trailer	2
startxref	2
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

• AcroRd32.exe
• AcroRd32.exe
• RdrCEF.exe
• RdrCEF.exe
• RdrCEF.exe
• RdrCEF.exe
• RdrCEF.exe

Click to jump to process

Memory Usage

• AcroRd32.exe
• AcroRd32.exe
• RdrCEF.exe
• RdrCEF.exe
• RdrCEF.exe
• RdrCEF.exe
• RdrCEF.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Click to jump to process

System Behavior

Analysis Process: AcroRd32.exePID: 5268, Parent PID: 1332

General

Target ID:	0
Start time:	19:50:08
Start date:	01/06/2022
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\aaa.pdf
Imagebase:	0x1310000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

File Activities

File Opened

File Created

File Moved

Other File Operations

Volume Information Queried

Section Activities

Sections loaded by Windows

Sections loaded by Program

Registry Activities

Key Opened

Key Created

Key Deleted

Key Value Created

Mutex Activities

Mutex Created

Process Activities

Process Created

Process Information Set

Thread Activities

Thread Created

Thread Execution Resumed

Thread Information Set

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

System Activities

System Information Queried

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Windows UI Activities

Window Created

Window UI Found

Window UI Enumerated

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Chronological Activities

Analysis Process: AcroRd32.exePID: 492, Parent PID: 5268

General

Target ID:	1
Start time:	19:50:09
Start date:	01/06/2022
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\aaa.pdf
Imagebase:	0x1310000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Section Activities

Sections loaded by Windows

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Process Activities

Process Information Set

Thread Activities

Thread Created

Thread Information Set

Memory Activities

Memory Usage Statistics

System Activities

System Information Queried

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Windows UI Activities

Window Created

Window UI Enumerated

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Chronological Activities

Analysis Process: RdrCEF.exePID: 6176, Parent PID: 5268

General

Target ID:	3
Start time:	19:50:14
Start date:	01/06/2022
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Imagebase:	0x10a0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

File Activities

File Opened

File Read

Other File Operations

Section Activities

Sections loaded by Windows

Sections loaded by Program

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Mutex Activities

Mutex Created

Process Activities

Process Created

Process Information Set

Process Terminated

Thread Activities

Thread Created

Thread Terminated

Thread Information Set

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

System Activities

System Information Queried

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Chronological Activities

Analysis Process: RdrCEF.exePID: 6384, Parent PID: 6176

General

Target ID:	5
Start time:	19:50:16
Start date:	01/06/2022
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=16994096637893958157 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Imagebase:	0x10a0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Section Activities

Sections loaded by Windows

Sections loaded by Program

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Process Activities

Process Information Set

Process Terminated

Thread Activities

Thread Information Set

Memory Activities

Memory Usage Statistics

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Process Token Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Chronological Activities

Analysis Process: RdrCEF.exePID: 6408, Parent PID: 6176

General

Target ID:	6
Start time:	19:50:16
Start date:	01/06/2022
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1013380377822533116 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1013380377822533116 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x10a0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Section Activities

Sections loaded by Windows

Sections loaded by Program

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Process Activities

Process Information Set

Thread Activities

Thread Information Set

Memory Activities

Memory Usage Statistics

System Activities

System Information Queried

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Chronological Activities

Analysis Process: RdrCEF.exePID: 6488, Parent PID: 6176

General

Target ID:	7
Start time:	19:50:17
Start date:	01/06/2022
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=6535563391496955322 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6535563391496955322 --renderer-client-id=4 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x10a0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Section Activities

Sections loaded by Windows

Sections loaded by Program

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Process Activities

Process Information Set

Thread Activities

Thread Information Set

Memory Activities

Memory Usage Statistics

System Activities

System Information Queried

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Chronological Activities

Analysis Process: RdrCEF.exePID: 6436, Parent PID: 6176

General

Target ID:	18
Start time:	19:50:37
Start date:	01/06/2022
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1712,5655365520557737087,4840407804991204709,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15898316639092127087 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15898316639092127087 --renderer-client-id=5 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x10a0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Section Activities

Sections loaded by Windows

Sections loaded by Program

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Process Activities

Process Information Set

Thread Activities

Thread Information Set

Memory Activities

Memory Usage Statistics

System Activities

System Information Queried

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.