Play interactive tour

Edit tour

Analysis Report https://browardcovidvaccine.com/forms/covid-19-consent-form.pdf

Overview

General Information

Sample URL:	https://browardcovidvaccine.com/forms/covid-19-consent-form.pdf
Analysis ID:	335757
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Startup

System is w10x64

iexplore.exe (PID: 5960 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4608 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5960 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

AcroRd32.exe (PID: 6016 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 4608 MD5: B969CF0C7B2C443A99034881E8C8740A)

AcroRd32.exe (PID: 5596 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 4608 MD5: B969CF0C7B2C443A99034881E8C8740A)

RdrCEF.exe (PID: 3924 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 720 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5379323792516701677 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5379323792516701677 --renderer-client-id=2 --mojo-platform-channel-handle=1704 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 5344 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=9674270544700556936 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 5988 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8551645402023685635 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8551645402023685635 --renderer-client-id=4 --mojo-platform-channel-handle=1836 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 2224 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5463412054220947810 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5463412054220947810 --renderer-client-id=5 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x9ca6a6d2,0x01d6e2eb</date><accdate>0x9ca6a6d2,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x9ca6a6d2,0x01d6e2eb</date><accdate>0x9ca6cdee,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9caa0241,0x01d6e2eb</date><accdate>0x9caa0241,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9caa0241,0x01d6e2eb</date><accdate>0x9caa294f,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9cab61dc,0x01d6e2eb</date><accdate>0x9cab61dc,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9cab61dc,0x01d6e2eb</date><accdate>0x9cab88ea,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: browardcovidvaccine.com

Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: AcroRd32.exe, 00000004.00000002.1650521161.0000000005570000.00000002.00000001.sdmp, AcroRd32.exe, 00000004.00000002.1667289454.0000000009987000.00000004.00000001.sdmp, ~DF1019FE9A4EBC86F7.TMP.1.dr	String found in binary or memory: https://browardcovidvaccine.com/forms/covid-19-consent-form.pdf
Source: {C70C3E22-4EDE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://browardcovidvaccine.com/forms/covid-19-consent-form.pdfRoot
Source: AcroRd32.exe, 00000004.00000002.1661180010.0000000008EE0000.00000004.00000001.sdmp	String found in binary or memory: https://browardcovidvaccine.com/forms/covid-19-consent-form.pdfn
Source: AcroRd32.exe, 00000004.00000002.1661072829.0000000008E50000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: AcroRd32.exe, 00000004.00000002.1661072829.0000000008E50000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com~
Source: AcroRd32.exe, 00000004.00000002.1660763558.000000000837D000.00000002.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: classification engine

Classification label: clean0.win@17/61@2/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFA9BBE2BF5357C066.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5960 CREDAT:17410 /prefetch:2
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 4608
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 4608
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5379323792516701677 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5379323792516701677 --renderer-client-id=2 --mojo-platform-channel-handle=1704 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=9674270544700556936 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8551645402023685635 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8551645402023685635 --renderer-client-id=4 --mojo-platform-channel-handle=1836 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5463412054220947810 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5463412054220947810 --renderer-client-id=5 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5960 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 4608	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 4608	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5379323792516701677 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5379323792516701677 --renderer-client-id=2 --mojo-platform-channel-handle=1704 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=9674270544700556936 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8551645402023685635 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8551645402023685635 --renderer-client-id=4 --mojo-platform-channel-handle=1836 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5463412054220947810 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5463412054220947810 --renderer-client-id=5 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

File opened: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\crash_reporter.cfg

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Code function: 4_2_0062B050 LdrInitializeThunk,

4_2_0062B050

Source: AcroRd32.exe, 00000004.00000002.1650521161.0000000005570000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000004.00000002.1650521161.0000000005570000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000004.00000002.1650521161.0000000005570000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000004.00000002.1650521161.0000000005570000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection2	Masquerading1	OS Credential Dumping	Process Discovery2	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection2	LSASS Memory	File and Directory Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://browardcovidvaccine.com/forms/covid-19-consent-form.pdf	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
browardcovidvaccine.com	0%	Virustotal		Browse
cdn.onenote.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
https://ims-na1.adobelogin.com~	0%	Avira URL Cloud	safe
https://browardcovidvaccine.com/forms/covid-19-consent-form.pdfn	0%	Avira URL Cloud	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
https://browardcovidvaccine.com/forms/covid-19-consent-form.pdfRoot	0%	Avira URL Cloud	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
browardcovidvaccine.com	52.4.199.138	true	false	0%, Virustotal, Browse	unknown
cdn.onenote.net	unknown	unknown	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.nytimes.com/	msapplication.xml3.1.dr	false		high
http://www.osmf.org/layout/anchor	AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.youtube.com/	msapplication.xml7.1.dr	false		high
https://ims-na1.adobelogin.com~	AcroRd32.exe, 00000004.00000002.1661072829.0000000008E50000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://browardcovidvaccine.com/forms/covid-19-consent-form.pdfn	AcroRd32.exe, 00000004.00000002.1661180010.0000000008EE0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/drm/default	AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.wikipedia.com/	msapplication.xml6.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.amazon.com/	msapplication.xml.1.dr	false		high
https://browardcovidvaccine.com/forms/covid-19-consent-form.pdf	AcroRd32.exe, 00000004.00000002.1650521161.0000000005570000.00000002.00000001.sdmp, AcroRd32.exe, 00000004.00000002.1667289454.0000000009987000.00000004.00000001.sdmp, ~DF1019FE9A4EBC86F7.TMP.1.dr	false		unknown
http://www.live.com/	msapplication.xml2.1.dr	false		high
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.quicktime.com.Acrobat	AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ims-na1.adobelogin.com	AcroRd32.exe, 00000004.00000002.1661072829.0000000008E50000.00000004.00000001.sdmp	false		high
https://browardcovidvaccine.com/forms/covid-19-consent-form.pdfRoot	{C70C3E22-4EDE-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
http://www.reddit.com/	msapplication.xml4.1.dr	false		high
http://www.twitter.com/	msapplication.xml5.1.dr	false		high
http://www.osmf.org/subclip/1.0	AcroRd32.exe, 00000004.00000002.1653118788.00000000074C0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
52.4.199.138	unknown	United States		14618	AMAZON-AESUS	false
80.0.0.0	unknown	United Kingdom		5089	NTLGB	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	335757
Start date:	04.01.2021
Start time:	14:46:23
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://browardcovidvaccine.com/forms/covid-19-consent-form.pdf
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/61@2/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 11 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Max analysis timeout: 720s exceeded, the analysis took too long Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, WMIADAP.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 52.255.188.83, 40.88.32.150, 104.83.120.32, 23.211.4.250, 2.20.143.130, 2.20.142.203, 51.11.168.160, 152.199.19.161, 104.79.90.110, 67.26.75.254, 8.253.204.120, 8.248.135.254, 8.248.133.254, 8.248.145.254, 20.54.26.129, 92.122.213.194, 92.122.213.247, 51.104.139.180, 52.155.217.156, 40.126.1.130, 20.190.129.17, 20.190.129.128, 20.190.129.133, 20.190.129.19, 40.126.1.128, 20.190.129.130, 20.190.129.24, 51.124.78.146, 51.11.168.232, 104.123.111.225, 104.83.127.80, 40.126.1.142, 40.126.1.145, 20.190.129.2 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, e4578.dscb.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, e15275.g.akamaiedge.net, acroipm2.adobe.com, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, cdn.onenote.net.edgekey.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, login.live.com, wildcard.weather.microsoft.com.edgekey.net, a122.dscd.akamai.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, acroipm2.adobe.com.edgesuite.net, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, tile-service.weather.microsoft.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, login.msa.msidentity.com, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, skypedataprdcoleus17.cloudapp.net, armmf.adobe.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, e1553.dspg.akamaiedge.net, dub2.next.a.prd.aadg.trafficmanager.net, settingsfd-prod-weu1-endpoint.trafficmanager.net, cs9.wpc.v0cdn.net, www.tm.lg.prod.aadmsa.trafficmanager.net Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
14:47:27	API Interceptor	115x Sleep call for process: RdrCEF.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	410
Entropy (8bit):	5.659485755627565
Encrypted:	false
SSDEEP:	6:men9YOFLvEWdM9Q7kePdNi7Z+P41TK6tGen9YOFLvEWdM9QR1jltaeZi7Z+P41T3:vDRM93CdwZiERDRM9C1+eUZiE
MD5:	AA2C8307D0693C506D5F458813E1697A
SHA1:	B75B70A34BDDFE0E1494EE69434BE4EB539236CE
SHA-256:	CA32B78406CDAA87473ACFDE9A77C93964C98196DF0492BF2D943FC195A8CBC4
SHA-512:	6DF2518D80609FAC5E5AFF46828916B0EBD309D4E95916BF801C4B69A0B7682CF5384CAA165F216F96CF22B6503D7F5660ADB982C95A9C8AC66349566937B845
Malicious:	false
Reputation:	low
Preview:	0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ..G.(../....."#.D.. ....A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo.........#........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ...Q)../....."#.D......A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo........q0........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.6018501939342915
Encrypted:	false
SSDEEP:	6:mi9NqEYOFLvEkI28mU/98Be7Ywcr1TK6tBh98i9NqEYOFLvEkL0R1C/98Be7Ywc2:V9zZ3i9PQXb9zr6g9PQ83
MD5:	7C89AC9E9E51BF1D327610ACD76A64F4
SHA1:	EEC5EEE460E566B576DFAB6F83B76D5E7ECFCC8C
SHA-256:	0551CF845502FDBBF034EFB439036EA28FA6472F3184FEFB40719A1CB6B8C815
SHA-512:	27FAED7E34AEA970D878688823B4A38489C4863453D8E9ECB7245F3F46F710A541D6D65C0138B75B14E8512A2DB961E5E2C597E0D7791E4E6BB580E1D2CCB473
Malicious:	false
Reputation:	low
Preview:	0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ....(../....."#.D.......A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo.........D........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ....)../....."#.D.......A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo......Z.-*........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	492
Entropy (8bit):	5.577355835796032
Encrypted:	false
SSDEEP:	12:DyeRVFAFjVFAFIhAblUo6jP9pyeRVFAFjVFAFPUrIRblUo6jh:tB4v4IKSBP9HB4v4O+SBh
MD5:	7A99B092C6A22C9701CCF0914E76BD71
SHA1:	698C1B951389E4D79C010209962C59BAF141C0D7
SHA-256:	A924838A76DBFE344B63E0F7B4107E4E0234EAAE3E037929B82D022016C8636B
SHA-512:	4C66BD601A1DEE62CE3A7A8850EA3316ED0210DCB0809BB97755EF681D78F2145F9396F4487ED7CF337A49F5D230BB57DF8A9A57D0B98816C102CD0EB4020E59
Malicious:	false
Reputation:	low
Preview:	0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ...(../....."#.D.s.....A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo......<#.>........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js .6.P)../....."#.D:#.....A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo......>j..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.672627562024894
Encrypted:	false
SSDEEP:	6:mNtVYOFLvEWdFCi5RsTszenlL0iWulHyA1TK6tI:IbRkiDyS+JFWuss
MD5:	4ADD545A4EF881F9B9A32A0663DA83B6
SHA1:	253FF4F4EE68BDFC25C27C81765A1D66F79617BF
SHA-256:	795AC902CEDBB3499B6E1B97E88C57B3C2DF635FDD28B3D4BD0EFF75AF876A72
SHA-512:	44A6B1B94E290E93D2F85F00CBED8D0701863F975CDE084C27272972C5D572A89AB03F3F7E2C2EEA885880FD60D267D9933B9D1693BFE96533782262B86CE9B2
Malicious:	false
Reputation:	low
Preview:	0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ..N.(../....."#.D..@....A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo........N........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.595058885894292
Encrypted:	false
SSDEEP:	6:m+yiXYOFLvEWd7VIGXVuvTt51Vyh9PT41TK6tTZl:pyixRuZ71V41TEr
MD5:	00814E61DCC79B993A2EA0B1A197D754
SHA1:	F575AFA1AEDA35395D0CA7A352F802A8778CA15A
SHA-256:	78B8D996ED72FE4BA3512565B0F154403DBB5EA4DD33AC91BAFFC954100A2C93
SHA-512:	87591E40B7F5531EE2CBD08B608ACCC82DB2B27B9B26ED87F7773030B53FB7CE1D64C4E3EAA84B10E4D89154DA802768E9436420F735ACF27018FA174284EEF8
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ..2Q)../....."#.D.......Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo.......M..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.6344020134890735
Encrypted:	false
SSDEEP:	6:mvYOFLvEWdhwjQDllXC1LZIl6P41TK6tK:0Rhk8uLZC0
MD5:	85B04842A14F056F30BEAE01F6679576
SHA1:	C100D4C8687B26C76D7F793D1FEAE46D00BFDC8B
SHA-256:	04764FFA8C2888D902E289364E0CC03DDD9EAB57285D5A9F5EF70310629D8CA3
SHA-512:	F75AC35B2AEE6CD0150603E152A768B5F9834533F430D7168391A892A1BDC94F4EFA881277352A17BF219566E97DC3AA29258B3AFB3FC9B8C2E5143C326E5F66
Malicious:	false
Reputation:	low
Preview:	0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js .V.K)../....."#.Dm......A.].>....uUf..N...k......c..l.A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.542909074501601
Encrypted:	false
SSDEEP:	3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuV9jtiWocyxMtv9EWm1TK5ktsL:mJYOFLvEWdGQRQOdQQtiW86g1TK6ts
MD5:	FD4D8E27C55CC406CA5FF7AD38D25305
SHA1:	D27FF7ED67971D06F552B966853A4C0BE75244E9
SHA-256:	3E84B5070D6AECF1F3A79839FAED390CFCAD037C1D1208589789F23D89F67B63
SHA-512:	22B6C58EA26E1C495FAC33AB297E13AB3EC1F23AC918F36795573969AE519B237832535C01BC9A7BD291A32CA8B4B50A329ED0B87EEF0CEBB01F51EFC4B17098
Malicious:	false
Reputation:	low
Preview:	0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js ...Q)../....."#.D.......A..c..y/L....\|y.n..C/I.....X7-ne.A..Eo...................A..Eo.......N.~........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.6223277354390335
Encrypted:	false
SSDEEP:	6:mOYOFLvECMLoXdMuR/41TK6tJMOYOFLvECMLtcX3D7LMuR/41TK6t9Xf:Z5M0tMuR/Ez5MZcnjMuR/Erv
MD5:	8185757D5FECC1110E7908ED707C45D6
SHA1:	253E91CDC49C8CFABFF173CB564EE5B5E066682F
SHA-256:	5150315997EB4A77414DA22449A49DEE6A87644CDE24462836155C83B8A56B6F
SHA-512:	CBF54F6015042F9AACF8581580ECC13C6BFE6239358E242477B77A47794CEC23CA647E51B9D96CB59D87146FD4AC3BF28D6A6D154A61B4295DB7E1FC8F444D95
Malicious:	false
Reputation:	low
Preview:	0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ....(../....."#.DM......A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo.......b..........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ....)../....."#.D.......A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......=.'.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.526622765926913
Encrypted:	false
SSDEEP:	6:m4fPYOFLvEWdtu9qksby0zBUKSAA1TK6tV:pR5pbe
MD5:	0B231888E125237948EBAD17F74483BE
SHA1:	E07BBC39755EA9306DE55FC6596EA3BB64BD1902
SHA-256:	1FBBBDB229B11C8A9F25A887627F04B4EB54F18854D3BB63417800640F6944D3
SHA-512:	B0F875C238439E82915BF3C3771968E307DFB649F99795FD4A7EC6F28E821862268D853FB98FBDB4F6E8B7BEDF46A7F422F4E1DDF8009228BD3744876D17A5D3
Malicious:	false
Reputation:	low
Preview:	0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js ..TR)../....."#.D.......AQ..E.=....=h`t..t..3%A.F$..w..A..Eo...................A..Eo......9V..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	354
Entropy (8bit):	5.585683080343883
Encrypted:	false
SSDEEP:	6:md4HXXYOFLvEjMSWFvOSXsltUdyP41TK6tSd4HXXYOFLvEjMSWFvd01F33tUdyPs:KkXxKMSCvOS8ltUlkkXxKMSCvyntUl
MD5:	DFEC52DEE5EF2DEFB350D2BDFF0FA6E0
SHA1:	F6A57A395F80492CF54E5A88DEE4F9EBE4C073AB
SHA-256:	6BF8AD6917A63BF3C15C49F5889AB97F5F281DD665E95192BDA812EA62D1C2BC
SHA-512:	0B2A71D371A321C093D8EE2B08A56D717656D52EA3BF19C68984801CB4CED9E3188C6270B3FCD6E8DF43528946A644682F61CCCF3F91A3A10E847689F3943FF1
Malicious:	false
Reputation:	low
Preview:	0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ....(../....."#.D.......A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo.........I........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ....)../....."#.D......A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo......$..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	374
Entropy (8bit):	5.612417303241393
Encrypted:	false
SSDEEP:	6:mkl9YOFLvEWsfOL4yV1sbyM+VY1TK6tVKEkl9YOFLvEWsfOLp/tANrryM+VY1TK+:5h6OL4SkHKbh6OLRKqk
MD5:	AA33397FA3DD1BB571F11957B1E70EEC
SHA1:	D17E2A82E39026E8F51D53BF0C14A00274595601
SHA-256:	4942E81F7B9000BBE55CACE5853CE618BE39E55477FB1CC598D64746F0703C4C
SHA-512:	CD2C2CA48084FD53DFD8DA74FB4C85F3C88D6A3BE792B7C32C49E485031DC242BA1B1170C3A98295A52AF771AB6966C8612B520497891D1BC2869B448C28144F
Malicious:	false
Reputation:	low
Preview:	0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .$..(../....."#.D"q.....A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo..................0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ..QB)../....."#.D.8.....A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo......f.. ........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	488
Entropy (8bit):	5.665298922586579
Encrypted:	false
SSDEEP:	12:URVFAFjVFAFaFwSeKaTLnqRVFAFjVFAFFwSeKaTLn:UB4v4aFwzXLnqB4v4FwzXLn
MD5:	30275EC4A1D1A598DEBCEE55EE00B1B1
SHA1:	B510526852E349320A8F491493B6BE4B179063A1
SHA-256:	5BE7C338106480879FAD720187292B60D2C1C0D33CB73F8CAB300138FFA01867
SHA-512:	D546FE305CA0344B5893C1C0B4864190A7868A0DCB6832B5A0A731EA40C162A35BD8EBC824927D205447381ABB826F4949CDE1749CD3A4CDAFAB4C57B5915FC1
Malicious:	false
Reputation:	low
Preview:	0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ....(../....."#.D.A%....A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo........I.........0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ..5Q)../....."#.D.......A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo.......\|.8........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.514846024405025
Encrypted:	false
SSDEEP:	3:m+lx4F08RzYOCGLvHkWBGKuKjXKGBIEGdevA/KPWFv6qe3tArpYFm1TK5ktH8Nl:ms2VYOFLvEWdvBIEGdeXu8e11TK6tM
MD5:	ADDF35542D8930F9B2A8BC166FB779F6
SHA1:	1B6D02B19847C4C4E81D8A7DC5240BAAF09E1810
SHA-256:	C9CE28F0458FB70763B883B09A64403B8B52A50F39E68D653B9C63C9FA72097F
SHA-512:	F469634340C5C7753CCE17650815C1374D9A89F4D7515EF3AD513F6A1894D3B9C3BCD93EAD811DF0A284218206036E55C1EBC5AEFA48712F3059F9375512A8DE
Malicious:	false
Reputation:	low
Preview:	0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ..P)../....."#.D.g.....A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo......,.7Y........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.687465187009819
Encrypted:	false
SSDEEP:	6:maVYOFLvEWdwAPCQyepB7OhKlvA1TK6tJ/:RbR16aJk
MD5:	098BC75D38F98B931F06CF107340B1F3
SHA1:	A8F36E541220267426B5910514341BB32DC30F39
SHA-256:	EE9C3D9FFA9241003839677FD22ECEEF37475C2F1AD769B4AD407353D0ACA6BA
SHA-512:	2AC5C166DD5AAEF4F6431017A5C541A0D9ABF48E57E430138AB0F21D3775FF1AAF3540FF8A48659A940D92347CC2CD650F9E9F962728E1CDF1B0105113C4FFA9
Malicious:	false
Reputation:	low
Preview:	0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ...K)../....."#.Dd......A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo........`........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.587571038471125
Encrypted:	false
SSDEEP:	6:ms2gEYOFLvEWdGQRQVue1NejQdFt1TK6t:B2geRHRQ7O0
MD5:	9E9E41370C6F39795554D600D6032AAE
SHA1:	806A64C10FC7AAB2296B3B983C7253890C4277AE
SHA-256:	F1AC493A428CF20C7EA1A0186B243D7854F5866CCC122BDC9EB9BF7718C2AC50
SHA-512:	99BBB96DF8B635A0F7C9190034205A37736C019C1ADDA8AD9FBC19EB621C92FBAF85DE11767C33197E1B225B71BF5BEDD89A401F2B98C57E77A3A56A1873E27E
Malicious:	false
Reputation:	low
Preview:	0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js .c.P)../....."#.D.].....A@..{o]...9o\|..qY....T....{..u.b..A..Eo...................A..Eo.......y..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	412
Entropy (8bit):	5.652341137078574
Encrypted:	false
SSDEEP:	6:mzyEYOFLvEWdrIOQm1Jt1S/1TK6tiHezyEYOFLvEWdrIOQA8yt1S/1TK6to:WyeRl/t1w9yeRlIyt1w
MD5:	2DF7453D32CEF60D4EC989FB18F6CE36
SHA1:	1D502F4F1DA6EEB522CEFED0D2D0E488371B8F12
SHA-256:	951A35D9998229A69BA7D8E409E8326DAEAF313F0BA152AB09D17E93B5F018B2
SHA-512:	10AFBF54D1ACA5B1FCBE12C77FE75521684B87C667CFD6A3474ADA3C8573448B4ED5D16B92138DE2DCB9B2E6AA1458BB47CCF4AF7492CC936A92B36BB1EF54E8
Malicious:	false
Reputation:	low
Preview:	0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .h..(../....."#.D.......A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo..................0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .?tD)../....."#.D......A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo........q.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.594297660323219
Encrypted:	false
SSDEEP:	3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFvGMNm1D4WDZ3NJNqww6U+5m1TK5ku:mnYOFLvEWdhwyu7m17ZqwK+41TK6tw
MD5:	1AA6F69283146011E15B263A5DE75F35
SHA1:	40AA981590803C95F99486A04164B2326F39DD42
SHA-256:	BBDC38DC4241157C3C158F3AF9C4CC79FABBC149414C8F3B4D8BE847999D2B94
SHA-512:	4A9C0C246919CFEBC32C6B3FD65233764356780E609CB4413FDFD3EF563D5B0E4FA0B5D8362CEF5C1D16A8FDDCD3752C0AB4EDAA1711712036ADBE655ACB9AE8
Malicious:	false
Reputation:	low
Preview:	0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js .#)J)../....."#.D.].....A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo.......@.\|........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	460
Entropy (8bit):	5.607690647285311
Encrypted:	false
SSDEEP:	6:mYXYOFLvEWdrROk/RJbuNJ8ZvIfO441TK6tzN2YXYOFLvEWdrROk/RJbuNe5fO4s:/RrROk/yqZvIfLEjvRrROk/vfLE
MD5:	033C00483DFCCD90FC3A8F323C56E4F8
SHA1:	914E3C265966621C9F1E29C7064570680A882EE5
SHA-256:	040017C573F2F84E17D423BEC1122D6BC42E1FCECFA2C02B6BE3E7BACE17A722
SHA-512:	549ABF2281A7C35CB2D2657E834E46618CB59962B816CD5BC28CA28BD37C24CA934466AACADEBDBDFC093686C41B76225027D0CD48229BD20338B538E3E7AD07
Malicious:	false
Reputation:	low
Preview:	0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .F..(../....."#.D.......A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......U..........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ..ZD)../....."#.DTo.....A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......Ct..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.6171344889877135
Encrypted:	false
SSDEEP:	6:mmDEYOFLvEWXI6Rka4N1QPLr1TK6ts/EmDEYOFLvEWXIItt4N1QPLr1TK6tB:xqTTka4NCPLnqrqThn4NCPLn3
MD5:	0F2F26F078CA523668A9FE0DD9CBF46E
SHA1:	D4A29ED6065F34B34CCE1070688E7BFAB0A07828
SHA-256:	E2CB5D84F960C9B5E564E8B437920692E6573137132978A457E4DD28BF581788
SHA-512:	88D57DBB728757AE003CBD2DBA8694F8EB3D58A2694C0637F308B41F1F25D13FE438BC36CC20CF57B7303EF0F2A5017822595A724B68475DBAA0B2D06F2DF5ED
Malicious:	false
Reputation:	low
Preview:	0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..].(../....."#.D.h.....A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo.......<zS........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..*B)../....."#.Dr......A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo.......G..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	414
Entropy (8bit):	5.651046299568386
Encrypted:	false
SSDEEP:	6:m52YOFLvEWdMAudT7gZsEJ41TK6t552YOFLvEWdMAu1JWtSIWsEJ41TK6tN:zRMjmsDqRMZzIWsDj
MD5:	C7E3F10ABC6A3ECAFFE54A4EE16354F3
SHA1:	FDC52BF96E80C23D810F6DC7E8C448EAB14D5E2C
SHA-256:	B54FE4E728413571829F0E17B172D7B9752C85C573F75CE80215CACC0200884B
SHA-512:	45C3BE4E18D4CB6CEA6326AC3C655016AC381EACA4138E14D651ADDA2E3BFC57B55BEDAE8C4AA22BE5B102C35A19F3E0062CFE97FA32900FAA667986B1AF1310
Malicious:	false
Reputation:	low
Preview:	0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .i..(../....."#.D.B.....A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo..................0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..+Q)../....."#.D.W.....A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo.......(o.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.644903710900595
Encrypted:	false
SSDEEP:	6:mYilPYOFLvEWd8CAdAuJip1Fong1TK6tJYilPYOFLvEWd8CAdAuLltw7Fong1TK9:6lJR5loMplJRJoMK
MD5:	6EE0B56FEBCD943FF6A5CA5D85CA3EB0
SHA1:	FF68359EDB4C5F23A265AAE4DE5BAE0BB744E7F8
SHA-256:	6EB50133ED72017762CD9CA08B944F160C4145C9DF3490DB14E69FB8354AD3BB
SHA-512:	A66A97D9E17C8639BA4434B95A51F426AEE2E817E3BC8ABA2645A15F424DFC6F269A6223E7A8DF3E7B61F8DB4CC7FB6CABE7467AC28E56C8FDB5B1F5EC3EBDE4
Malicious:	false
Reputation:	low
Preview:	0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ....(../....."#.Dq......Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo.......r`.........0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .T0Q)../....."#.D.......Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo........CL........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	5.620108041699067
Encrypted:	false
SSDEEP:	6:mY8nYOFLvEWdrROk/IumyxFt2e16wG1TK6teMY8nYOFLvEWdrROk/IuxZe/g2e1I:F8hRrROk/suFX2S8hRrROk/rmQ2
MD5:	B91F55DABF2352BB3CBFCEE0C9F38699
SHA1:	B688F008C9FA9B5C5375E5449738B74AAB8CFB7A
SHA-256:	670F2C88E88FA07BBB01A4453D3ED5137143C0254F0ECC307A3A3B5924DD2837
SHA-512:	7C4F67252A3912D35CA5E1F4FE1E8022D6DB93DBBF106CAE6A5C9C4E10999142EE98C0A41514B3DA7DD09134A45916F74C1703DA2F5A865264949DA0902B389F
Malicious:	false
Reputation:	low
Preview:	0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..h.(../....."#.D.......A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo......,...........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..XD)../....."#.D`#.....A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo...... ..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	426
Entropy (8bit):	5.6676476430437415
Encrypted:	false
SSDEEP:	6:mLrnYOFLvEWdrIoJUQUTdirNJIi1TK6t2LrnYOFLvEWdrIoJUQtISrNJIi1TK6tH:ehRc5INJICohRcMNJICC
MD5:	28ADF6DA258F117FE9AD8F2142799072
SHA1:	A822813E5CAE86D6E141CBB49CBBDE792E9F7868
SHA-256:	F7571373FDCAB0D564E67EB32D4E3F2D1813B8A1E872AA5D36C93E047E12B63C
SHA-512:	727782F221CD8218C9318CAA42E0F29E0AAB94AB2943E1C21FE1AD7DCECE8F000A998757C245DA6BBC9B9E2A572AAECAC0A29C8EF241A82475B46E914E4D7E84
Malicious:	false
Reputation:	low
Preview:	0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ....(../....."#.D.8.....A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo......N..h........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ..uD)../....."#.D8-.....A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo.......fOW........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	5.608677528793764
Encrypted:	false
SSDEEP:	6:mOEYOFLvEWdrIhuPD13FLzgm2d/1TK6ti8OEYOFLvEWdrIhuJeTELzgm2d/1TK64:0RpRe3R0KRe
MD5:	623E5B3AB7913699717E740EDB54C647
SHA1:	56E556428CFD85A2246B11930A6377350A879AF8
SHA-256:	42E27B9CF91C8674A7A63B786B496B4DC39C846670FC1783CC427D99ACE4BC68
SHA-512:	1492C016FC9DD828A1ED6F0E874FE559E4E14F01DBFF9F768523A6068AE5A6C5585CFDE916652ACD1CB9BB34C36E26EDEFCD346292291A4FA80BC0CC8CF55A0D
Malicious:	false
Reputation:	low
Preview:	0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .RR.(../....."#.D.......AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo.......}u.........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .b6D)../....."#.D.].....AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo.........u........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	376
Entropy (8bit):	5.634288628396915
Encrypted:	false
SSDEEP:	6:mAElVYOFLvEW1K2JwrKp2kx56uvp1TK6t1AElVYOFLvEW1KfatJ0Zv2kx56uvp1f:6JJK82I3JJKfJp2I9
MD5:	550172A5F870F8CDAB2B8D8E47117F2F
SHA1:	2C38DC4B7CD2758B72488871DB918672A21B64E3
SHA-256:	02458B006723ED530528226CA4D9622164AB8103D4597C4B592E37154468B789
SHA-512:	8946ECAEDDFEF0289385DEB29968CEB5300685E2834587059289B56C80DDE7628DDA59BFBF5566F4CFDCD3968DA42C5A5E6A6302D55DC5AA8CE89931DE1BD963
Malicious:	false
Reputation:	low
Preview:	0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .b..(../....."#.D.......Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.......4h.........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..;!)../....."#.D..~....Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.......%..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.6479437440830464
Encrypted:	false
SSDEEP:	6:mWYOFLvEWdBJvvui10+xvhUDLYtmOZn1TK6t8:xRBJFKDcFZL
MD5:	5F9A01616D1EFE03EFE1C05BA3015386
SHA1:	C44CCCC249B840AC2F52734E8E8B703E02DC02E3
SHA-256:	8D046832FD694FF8FC30C8A59A367E713D40D478A646B94149A9018DF6C525A5
SHA-512:	026FDCBA3849E3CF85A4F191F50AFD0C8E10DFAD359AC9FDFB2C49DDCE48B671577E21B87ED79B7A74C32AACF42817A218D679D31FAA88CF871A8DC1F99D5C0B
Malicious:	false
Reputation:	low
Preview:	0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js ...P)../....."#.D.~.....A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.66267173447014
Encrypted:	false
SSDEEP:	6:msRPYOFLvEWIa7zp77OaVPu1TK6tHMsRPYOFLvEWIa7zp7fUtuEaVPu1TK6tV:BPH1cF7PHWKc
MD5:	FC058A1BC0416A1687712325CCCBFE7F
SHA1:	2C28BEAEBD7A16C5101E3E8CA3C9A4142A5273D7
SHA-256:	D137E823C8F8E33A780A6309069DABC8682065CF2EDD1DC531F97C3820DEC9A3
SHA-512:	EA5336769DCC59919724694697F6868ED00AE2B262C1FDAF0A4AC0EA4C35AFCD68C2A19A807B61927482A47B69483BABCB398B3C288A73672B112A59E0A2F1D4
Malicious:	false
Reputation:	low
Preview:	0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ....(../....."#.D?;.....A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo.......u..........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ..R.)../....."#.Dy......A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo.......D.H........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.606051657153661
Encrypted:	false
SSDEEP:	3:m+lQi9lC8RzYOCGLvHkWBGKuKjXKVRNUpXKLuVrOK1IDZ3iF4XVAZ+8cV3vRm1Tv:mKPYOFLvEWdENU9QoITiM3Y1TK6tJ9
MD5:	8DC1BFBA4AF1D46091A2586A8110FE1C
SHA1:	B71A7FEB64B643E2FC9729D7F9FCDF29CB6D2E8E
SHA-256:	5A8B15148796692707887A6E9EA8DB23DA9DF098335031487E55F607A473D9D4
SHA-512:	81C748E974487A458F97B74FA7088279B3C6CAA1CCE7FFDD3304E112E9A47A3C40B12679F3BCE24A6231FAAD4640F223A67C183246CD3FFCD3CF958B47A07280
Malicious:	false
Reputation:	low
Preview:	0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ...K)../....."#.D\|{.....A...M....m+lS..e.....<7.U.P8*.0K.A..Eo...................A..Eo.........v........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	modified
Size (bytes):	208
Entropy (8bit):	5.604042135916898
Encrypted:	false
SSDEEP:	6:mQt6EYOFLvEWdccAHQBt6vjBRCh/41TK6t9:XRc9HvDi/E
MD5:	C934BC83A8D74D1FC0009EB6BD7138BB
SHA1:	241D9EF4729052AF3832975CCFA2928B2DB7F391
SHA-256:	D4CA3AC6D17AEF12F81778B5A56B6D0F2E8F7620A6AD5BCCABDA298E7C3A9E2C
SHA-512:	C1F18D76B18F15AB3C475186B1C91B4D42C5090F93AFA1B45831857B3CF8CD0113AAAC092CD13DF447DF57D03D4FA6C8BBF92F28B0BEAA8835FB7720EAC3FB71
Malicious:	false
Reputation:	low
Preview:	0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ...Q)../....."#.D.......APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo........S.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.616825718809433
Encrypted:	false
SSDEEP:	6:mqs6XYOFLvEWdFCi5mhuyktoOULlF4r1TK6t:bs6xRkiILlF4n
MD5:	DEABC76F3F85F4386D219AD7CB9EDC70
SHA1:	A32DC2DA79BD1CB0E993C00AEF0C224EA79A80F1
SHA-256:	5BA4DCDDED7AC086D8F32D76E93A84E72FD036232074B271BF62A6C856BCA1D2
SHA-512:	7AEDB489A6216FCF50B60BF42469903A6F03138C1A634BB57DFE6691CBD6140414ADF39A378D49283EF777C44425B71C44EFF55FA93CDF49C3C77C013BE1B8A2
Malicious:	false
Reputation:	low
Preview:	0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ....(../....."#.D.......A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo.......+..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.513584051687031
Encrypted:	false
SSDEEP:	3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvT3ZKlXqCcu1isLK5m1TK5kt/p:mhYOFLvEWd/aFuxZe+941TK6t/
MD5:	0A1AD955E09B482DB582AF92090B498E
SHA1:	69F36785A68C3F8E705B47337343617137FB01EC
SHA-256:	A51AC9D130FDCC5FEE74596E55CC6C2782E9110CEA09C5D05DA62222C77E1874
SHA-512:	A1D8168204697E82DF6C36EB1FE8629D9365DDAAA29915304E40E0AE6C1C2112569240715E46D1DF4715DFEDB260331077E44BBCED467840AD0F6CD4AC8C813E
Malicious:	false
Reputation:	low
Preview:	0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js ..`R)../....."#.DU......A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo.......q........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.51614108351232
Encrypted:	false
SSDEEP:	6:mR9YOFLvEWd7VIGXOdQCZe2GoBMqVd3G4K41TK6tS:2DRuRxGoB9Vd2k
MD5:	833346086BFA611447BA6E5E2E0F54E3
SHA1:	61052826A28E9043EEC1DAB7479352B7CA898421
SHA-256:	D50A69AB919E7E17B6B5CC5B1F7C4D91D1242DCA3DC584EAD0D9E9B1D1682E3C
SHA-512:	0145869043D69C8C8A19D5A64E40F367EEE5DCF3A50E5B83CE80B33D22776BBACC5C8198B40AEFB319E8CD7C16445CD10DD1A705C383BE89488C6C516F674203
Malicious:	false
Reputation:	low
Preview:	0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js .p4R)../....."#.Di......A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo.......i}.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	5.633167153311537
Encrypted:	false
SSDEEP:	6:mkqYOFLvEWd8CAd9Q+sdSlouA424r1TK6tjkqYOFLvEWd8CAd9QTcGlouA424r1B:+RQGwzrnRRQazrnf
MD5:	080A79C8696B0C7BAA2941103B1261A7
SHA1:	2C38C7754483514E3C6650673B42A2D237E82C67
SHA-256:	BA2F322F3F1D48694AE901941B515DDB3C17190CC81273B82B5A4786569BDC16
SHA-512:	C9F2A45E20242369EC5166A8AB5B2E32D0EC4EA43663482F532833BF9472C6963C29B3CE1FE867AE830E7D9F49FCB41D5A87747481DFED0DD3EC478248A81B64
Malicious:	false
Reputation:	low
Preview:	0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ..N.(../....."#.D.."....A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo..................0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ...R)../....."#.Dh .....A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo......#C_n........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.580334032149055
Encrypted:	false
SSDEEP:	3:m+lS5Etla8RzYOCGLvHkWBGKuKjXKVRNUp/KPWFvt1Kg2iHio/Mm1TK5ktKHt:moXXYOFLvEWdENUAuv1KyC8n1TK6tKN
MD5:	E56DC19993B8F45D0174ABD45A77B9A9
SHA1:	76FDA3BAFF5C2FD1E47703055C390F96946936AA
SHA-256:	3EA215771E182F6503370FFB66C1F96ABCE9D9F46F0E5EE1F7D46B43307F7A87
SHA-512:	50880662A67E76A5882316D463FA2571995BA4836054956D9CDEFB6029F7EA06CB10A61C369C913F7024EE79529747EEB1C4EEF5D7DD89E0794218300FBBF5CD
Malicious:	false
Reputation:	low
Preview:	0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js ...I)../....."#.D~......A8.../...;.\\o....1..........+..A..Eo...................A..Eo........b.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	442
Entropy (8bit):	5.644666485841012
Encrypted:	false
SSDEEP:	6:mQZYOFLvEWdrROk/VQkTvWsLmB41TK6tYQZYOFLvEWdrROk/VQn1dzVsLmB41TKn:nRrROk/Vr0mTRrROk/VWvnm+F
MD5:	C21D81B911CD496DCA72BF2339EA8D5C
SHA1:	1C106F0AE6DCED7E9EDC74EEF9775F904C6129CE
SHA-256:	05A63494E990D46C2BD85064D4503B20F32161E90D6225E4FD4F4B725FC4F9CD
SHA-512:	C5F7092254976B182A1491177E520F15916DFB9784C4C7872B809AE04B22FEF74264C76C22B1350AE65E70D1A59F245A55A355DBAB12E121C17D5B157B1C8CB8
Malicious:	false
Reputation:	low
Preview:	0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ....(../....."#.D+P.....A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo........{.........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ..D)../....."#.Ds.....A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.571554780900382
Encrypted:	false
SSDEEP:	6:mZ/lXYOFLvEWdccAWuK1EAdm9741TK6t:qxRc+du7E
MD5:	A26C9B3EC54FD52DE158FE9C9040CEA6
SHA1:	0411F420C6519E88DC3A0057912E00E59B1BD84A
SHA-256:	1FAC91B50471168227D500672EE000DDFBC152BAA76186C47271D1DDA54FC6B8
SHA-512:	D378A7659F94CFDE0C6DC4C6309001EC3807C61B3DB32FEFDB8868815B5D91B102DA41BA56DC69FB02DF25984F06B74BCB47F39E17665D1AB70BBE969D4FD4FB
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ...P)../....."#.DeS.....A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.624747774504453
Encrypted:	false
SSDEEP:	3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFvyBS/mKp6shoq+Nem1TK5ktml:mMOYOFLvEWdwAPVuUS/m1Jn1TK6tS
MD5:	D12CECE470828A462C09C4B11E446FFB
SHA1:	ACE783E713D4F0460A3C938742E90DA44B6F0227
SHA-256:	C7EF2D81312DA2F6BB8D5DCC176A16B1AA22635B52489D42A6724DE49830ECF4
SHA-512:	6AC56749615A184EF4E0DA1AABA67EE016F1EAC22E076DD9D0C3D23D3C88782D9FFEAF900F2B472B11B199117A8D200FF228EBC1099A5684657EAD38937A2CAD
Malicious:	false
Reputation:	low
Preview:	0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ...I)../....."#.D.......A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo........v.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.698217329101516
Encrypted:	false
SSDEEP:	6:m3PXYOFLvEWdBJvYQ+tDfzhcsBXIh1TK6tLl:mxRBJQJDB09l
MD5:	B03851E8F620D48F261D5ABC1275C474
SHA1:	AB43828AE60172B59BDC45BA3694FE7131ECC928
SHA-256:	1A1029F7C3F1215E6C4BB9871B467C61EF4F05FCA2A5D94AB1D382D59D106839
SHA-512:	9ECD5E15D8FB6B8FA4A6B34D18B168BEF4919872C13D49DDA71C38DF4E167B0D875DD18A3DA805217AEAEFB002274459C4E7862426D7EA9B83069D47C444D2F2
Malicious:	false
Reputation:	low
Preview:	0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ...Q)../....."#.D1?.....A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	456
Entropy (8bit):	5.634336520463169
Encrypted:	false
SSDEEP:	6:msPYOFLvEWdrROk/RJUQV15FyMc3Me/1TK6tpHlEsPYOFLvEWdrROk/RJUQdhcDe:3RrROk/sgc1dRrROk/sqGSlcA
MD5:	F48E38EC2098DBDC6283FD106FE5DC7F
SHA1:	4B51B633B5EEE928386CC4FE28522300A12BCF49
SHA-256:	64C6CAD06FE6A162A46C737B10605DFCCDAEC642BC70324E56A54BCC41A2C062
SHA-512:	823A09DA6CECAE4E9CD6906B1CD0EC3E06604AD72C20019A4FC0C5192A3FB48C9039D4957358F41F4E5EA02005AA830D2F3F4F8BED864C9E6AE5221A4BADB679
Malicious:	false
Reputation:	low
Preview:	0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .R..(../....."#.D.......A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo.......)w.........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ...D)../....."#.D.^.....A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo........+3........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	2016
Entropy (8bit):	5.299165443064675
Encrypted:	false
SSDEEP:	24:Mfg1zZFufGMisp6r6C9QPivpA2cMEaUzEM21:h1zZ4+dsp6bvpkBzEv
MD5:	7A841B8EEFA362B0D201144FB9F188F3
SHA1:	C6396027EAE9E26762A76D96827919FC6796F8B4
SHA-256:	FF65CF071AD9B7D822F2FC92EFE4B985883F58C35DA8306DE603D37C95CC47D1
SHA-512:	DFDA33CEE4FFB611CCEC7FD6E60547DA2488E248F4AF2DEE5DCCB34A4E03A5B19188E81C7C94996DC20FB39AEB4FD076F73678A0F01ACD62DE41DF562700F189
Malicious:	false
Reputation:	low
Preview:	....h...oy retne....'........'............;.y~A..z.B_./..............z.B_./..............oB.8.B_./............#...(...A_./.............k7A..z.B_./.............D.4..z.B_./..........[.i..%..z.B_./.........<...W..J.8.B_./.........,+..._.#.z.B_./..........J..j....z.B_./...........6<\|....8.B_./.........A?.2:...z.B_./..........+.{..'.z.B_./.........)....J:.z.B_./...........2q.....z.B_./...........P....V.z.B_./.........+.U.!..V.z.B_./............P[. q.z.B_./.........!...0.o.z.B_./..........u\]..q.z.B_./.................z.B_./................z.B_./..........o..k...z.B_./.........^.~..z..z.B_./.............o..z.B_./.........Gy.'.h..z.B_./.........F..=z;..z.B_./...........3....z.B_./..........v...q...8.B_./..........C..M.....A_./...........a.....8.B_./..........~.,.4>..z.B_./..........&.S.....z.B_./..........@..x..z.B_./.........=....m...z.B_./..........;/....z.B_./..............q..z.B_./............MV3...z.B_./.........:..N.A...z.B_./............B_./.....jF.,oy retne

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.231053037202612
Encrypted:	false
SSDEEP:	6:mehDdL+q2PWXp+N2nKuAl9OmbnIFUtpfhvG1KWZmwPfh0LVkwOWXp+N2nKuAl9Oe:vX+vaHAahFUtpf5G1KW/PfqV5fHAaSJ
MD5:	8C044E9372A276A72A85278CC8A686A1
SHA1:	107A58F0D3F586A4D1699EEC94FF361B2F021A43
SHA-256:	CD28F73072C2BEE2F85E206D7B054392F86B1113C2A42F506AC4B85F550ABF47
SHA-512:	ED69B631B2E2986FE668515EAA8085732D8357CB402C389A896630D4732E799C1CE98AD20DA78A0ADB4970C22523D16E85DA4460EBB276D986E2E9B3E11CD819
Malicious:	false
Reputation:	low
Preview:	2021/01/04-14:47:36.446 175c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2021/01/04-14:47:36.450 175c Recovering log #3.2021/01/04-14:47:36.452 175c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	786432
Entropy (8bit):	0.007952317387287845
Encrypted:	false
SSDEEP:	24:TGEXiXKGEXiXJ88hMXiXN8hMXiXTg8hMXiXTg8hMXiXT:TGEiaGEiCsMi9sMiDgsMiDgsMiD
MD5:	B6D6D8092327194522BEE7EC4E9D29B0
SHA1:	248DA8ED1A94F29906C944B56FF9ECEAD7342542
SHA-256:	E2172C50F08FC62BD25EE7D9CE092A9F4BDCD3143D81E38E522A917FF7D6E86F
SHA-512:	573EBD8EE4A387576183D8232B1343E5CB51C4145068E90C144E84E10CD111A673567139E087FA7CE85FE276AD0F3CFF0A3CB2E60EB403735F2AA00520A848D3
Malicious:	false
Reputation:	low
Preview:	VLnk.....?.......Tq.>..j................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3024000
Category:	modified
Size (bytes):	24576
Entropy (8bit):	3.3418679533892734
Encrypted:	false
SSDEEP:	96:iR49IVXEBodRBklO9AhFVCPL49IVXEBodRBkRO9whFVCP749IVXEBodRBkde99h9:iGedRBCdedRB25edRB1
MD5:	FEDCE9A6600EE0A02700679215DBD302
SHA1:	9737D81B6AF15C5DC3FCD1E693C40C2374F5D439
SHA-256:	7E6E0325580D00F162FE80BA067CA918AA455FF62A3F2B7775278F70763684FA
SHA-512:	8D5711DBD4C113FCC0894D04D21A452208D18F8D6BD5DAC2822673E1B9DE4C95C2940E350777457D8332FE8DB8CABC1127FEE14A0C0242DEFA726BD445B111EC
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	26196
Entropy (8bit):	3.138904898797884
Encrypted:	false
SSDEEP:	96:m7OhFVCPU949IVXEBodRBkSO9AhFVCPmLR49IVXEBodRBkVO9whFVCPAd49IVXEl:mIiedRBtDLGedRBCJCedRB4
MD5:	C524E58AD8DA2A1262687524DD991266
SHA1:	6BBE0308C6C8B8C891F5C1B93E4EFAF798E61C23
SHA-256:	650889FC5C32787634B77329CFFE5FFFC48234FAEEA3C277FF4C77E27AFE165C
SHA-512:	36E773A80115DD497DE9AAAC17FE81BD280255289BAFD24A0ACF61300143F9C36F1B8C8D0BDA0B6D025D38B18804240C183453B4FEE57CED23E9F707DAF0AD5A
Malicious:	false
Reputation:	low
Preview:	............>:.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................X...h...y................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C70C3E20-4EDE-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	36440
Entropy (8bit):	1.8965291336601382
Encrypted:	false
SSDEEP:	96:r7ZsZZ2B9WGStGB0fGbdBMG2GEGCGitGCyLGM:r7ZsZZ2B9WZtNfkBM7tvdtjyLj
MD5:	3B68ABF2EE527FCC730A4C0C7F812FBD
SHA1:	4CA724F6D8782EE06243561892536F162764F814
SHA-256:	FA6FB64086CEEA0BDA6CC1E7C7C0FF712493E93645377ED914C02D8855D176C0
SHA-512:	7AE5366EE55872B17485326E315151DD700BE440227A323FB48A9574A8B91424B434A19DE4CE8E18085A0F050B00F047002980785D301BCD43CFFB038C25ECB4
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C70C3E22-4EDE-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	24236
Entropy (8bit):	1.646183197884344
Encrypted:	false
SSDEEP:	48:IwwAGcpr+rGwpa3AG4pQZyGrapbSYrGQpBeAgGHHpce1sTGUp8eOgGzYpmepH8YJ:rwkZ+lQ3g6Z0BSYFj52MkWLUM08YPEpg
MD5:	6E0FC69945B6D3BB68D8C5DA04088162
SHA1:	7699AD24CACC0618404611ACFB74FB1698437E78
SHA-256:	0F3A3627C2A8AA2E1FA2E3DB31105B5F91F3BA320B084F363859B25B394377D7
SHA-512:	FD0AE627EB42D00EEA17110DE8533C443E990A228D6A04FB24C680A02E9FB86D8546C4D4562F0D0F6BB23234F557B6D162787B846FFAFD2F26E8339CDADCDFBB
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CD0E0A04-4EDE-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5652418904347922
Encrypted:	false
SSDEEP:	48:Iwq0GcprEGwpa5G4pQ5GrapbSurGQpKtG7HpR1sTGIpG:r9Z8Qb6ZBSuFAMT14A
MD5:	14646EFEFEF36C6364EC5F59CC5EFE73
SHA1:	9A211098A726326E538BC0138F3A51CE75707A80
SHA-256:	F216D8E6D456FD7C8B5E1C6EEB7ACFB905CF30BDB4A3DED103D50CD48C92F7B3
SHA-512:	E8BBA2EA66507FE8F84304015149A4A8F170585CEF493AFB169F873B7BD9584E7E52B03CCF944706A338F6FEC18B5CD278663CB341F8AA33CD34D5AEE410B301
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.088413238530305
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEfBZnWimI002EtM3MHdNMNxOEfaanWimI00ObVbkEtMb:2d6NxOuSZHKd6NxOgSZ76b
MD5:	FDC21FC77F0B08E671C9E9BFB8FB5FA8
SHA1:	00BF2460CD2FFAB17F6B5A54390C9E2CEDA3C5F9
SHA-256:	60073401AC1D79BB396043EF6425A35BBAB959521687E90430848B1A70186AE1
SHA-512:	F6248A2A92361A489A3C49815D8AC72F8F87ADBF6A2F2437ABF71A8741D214F315B52FB4715CD35CFEFF701700817B583900A8303B8F187117C347A618AEEC67
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9caa0241,0x01d6e2eb</date><accdate>0x9caa0241,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9caa0241,0x01d6e2eb</date><accdate>0x9caa294f,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.121954550185793
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kAEvnWimI002EtM3MHdNMNxe2kAGnWimI00Obkak6EtMb:2d6NxrYSZHKd6NxrcSZ7Aa7b
MD5:	4F64D4DD541591535BFE46593DAFA273
SHA1:	DB1181DA9CD10D33A02E60A8E597C1734AD7CA63
SHA-256:	98B05EE16F806BAA616FC8BF59DDCC03AEE0481BFFDC268D5F5E5D145A3326ED
SHA-512:	FC4079E9E4C6C12184DB25D2F432F7EBFE0F30258280F91C5E21271CC640FC24BB94107B0CF370CDB8E8D85993540B7583261E812D94D708A46D582A830BFC4F
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x9ca45cf5,0x01d6e2eb</date><accdate>0x9ca45cf5,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x9ca45cf5,0x01d6e2eb</date><accdate>0x9ca4ab11,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.090439204514051
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLiyrnWimI002EtM3MHdNMNxvLicanWimI00ObmZEtMb:2d6NxvRSZHKd6NxvcSZ7mb
MD5:	5A53BACB1CF44B7640A6B744109E350C
SHA1:	9A0DBE6233518C79A2028B0EA092F01EC03C18C9
SHA-256:	F85D9B0CF2F9E226E930C00AC02D0F2DA8A2848C25EEC98AC93DB405443491BC
SHA-512:	8F9A13B0CE4C975576E92C00473F59698110417F0B7611A10B1F8278C36DA11EDDA4BFA239558D35810C17DBB3F2E47E621CF9606E2B471B0E28E85FBF51BEEC
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x9caa9e62,0x01d6e2eb</date><accdate>0x9caa9e62,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x9caa9e62,0x01d6e2eb</date><accdate>0x9caaec9f,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.112593900538021
Encrypted:	false
SSDEEP:	12:TMHdNMNxiXGanWimI002EtM3MHdNMNxiXtanWimI00Obd5EtMb:2d6NxSSZHKd6NxQaSZ7Jjb
MD5:	375298DB4D9F0B7FBA8772A2F2CDB195
SHA1:	FB8B07C41345C761ED800C5B5C989B7017ABD8BB
SHA-256:	613642A021184067A6C0394D7A5260C4394713BC89ED716279563C8D79055929
SHA-512:	07459E97A8DABD3AFA41262EE306CBF78F463253AF79005BD109B02499A09A1528AD1DFF89CD139DCEA9721BBE995A3D046EE82CA2410CA2B437217833A457FB
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x9ca8065f,0x01d6e2eb</date><accdate>0x9ca8065f,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x9ca8065f,0x01d6e2eb</date><accdate>0x9ca82d6d,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.103312322838588
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwDnWimI002EtM3MHdNMNxhGwtvnWimI00Ob8K075EtMb:2d6NxQaSZHKd6NxQavSZ7YKajb
MD5:	A817EBC4BC62496C0B71FE2FBF2CB493
SHA1:	F214E6BADB4CF6CE0385EF380736B60B553B0EC8
SHA-256:	F6F8C997F25E24CDB99BE4D05DEDCA9C1BFF663F672EEBA3195196FB5E8F627A
SHA-512:	37029394E913EF994670CE14F18B77E643D913ADD7838BE49986511C38DF28B512CCB5D711B801672CEF4CAC9D8364B1A3F5544862223443C4A67C80E22FFAC7
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9cab61dc,0x01d6e2eb</date><accdate>0x9cab61dc,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9cab61dc,0x01d6e2eb</date><accdate>0x9cab88ea,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.078211566165662
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nBdnnWimI002EtM3MHdNMNx0nBdanWimI00ObxEtMb:2d6Nx0nSZHKd6Nx0faSZ7nb
MD5:	B0288F7C587911A3F971FEA7518C4A5F
SHA1:	227256733E823B724A8784320405BC8333D6C22A
SHA-256:	B94D8969E04B1337F0D1F3A21C466248C948FA1309C1B6CAF7B64C93074037A6
SHA-512:	89DEE1337BE45AAD2689F8C01ED0A6182C50B9EF79AF0F941FDA984FC7B315CF72C446C7CEFC0C554CDCD033F11E708778DA0CA8A4F7CC293B5AFD17D2D8E283
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x9ca93ef1,0x01d6e2eb</date><accdate>0x9ca93ef1,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x9ca93ef1,0x01d6e2eb</date><accdate>0x9ca98d0d,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.127028831419044
Encrypted:	false
SSDEEP:	12:TMHdNMNxxVnWimI002EtM3MHdNMNxxkbnWimI00Ob6Kq5EtMb:2d6Nx3SZHKd6NxgSZ7ob
MD5:	24ECC1A0BAB2481778E683ABA172A967
SHA1:	5FCC66753BE81B32FD811950200C2FE27EDE6134
SHA-256:	052EA3918006048700287BBE3DD4E87ED127258EB5873B879FEF5562DB3B4340
SHA-512:	5323CF898729B654D5DE24376296B32CAD9DB4FCF06109137CB8606654DAC229F7A5BA626F210C20FDBD128C697D64566A35CC76DF9D87B74BE4BE85ECEA3025
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x9ca8a2b8,0x01d6e2eb</date><accdate>0x9ca8a2b8,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x9ca8a2b8,0x01d6e2eb</date><accdate>0x9ca8f0d0,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.0877805184622416
Encrypted:	false
SSDEEP:	12:TMHdNMNxcxnWimI002EtM3MHdNMNxc9nWimI00ObVEtMb:2d6Nx4SZHKd6NxYSZ7Db
MD5:	A6CAE177D301E1645AB4EE57E0534F26
SHA1:	50C27EFD42394A78133C2A5B452ADF3A2236E63C
SHA-256:	461C2F52D442CC8B9A9A8386F6819B1489F06402A37B980DC6AED62C9E8729DC
SHA-512:	AD7DF3F79F968271218C73863F9B8AE8D2DEE04D0C6F6307C914CB5CDCB041C071212060E13096054F1316C97FA2DD9DA1C34B435A742087A3ED5874A9550B9D
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x9ca6a6d2,0x01d6e2eb</date><accdate>0x9ca6a6d2,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x9ca6a6d2,0x01d6e2eb</date><accdate>0x9ca6cdee,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.105929979580113
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnlZ+oZ+InWimI002EtM3MHdNMNxfnlZ+0WnWimI00Obe5EtMb:2d6NxtAoAISZHKd6NxtA5SZ7ijb
MD5:	8980B55E6DE7C94F5A6F0D1CB0071495
SHA1:	A57BB35AC822D62AB7E515F2ED3C6F1EACE07170
SHA-256:	A524C35BC1BD8CAD3B27608E485842E5EAE6EDA2F3845403C1C679164219C6D3
SHA-512:	FBA2A73856B9750D4E8D17E172F9716EE7BD56763EE372A1AC3D50AEAF87FE79F817ED948AF88BBD3F3FDC398901712F3563344A466CCF104ECFE6686BEFED99
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x9ca7430b,0x01d6e2eb</date><accdate>0x9ca7430b,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x9ca7430b,0x01d6e2eb</date><accdate>0x9ca79135,0x01d6e2eb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\covid-19-consent-form[1].pdf Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PDF document, version 1.7
Category:	dropped
Size (bytes):	142350
Entropy (8bit):	7.961904285817905
Encrypted:	false
SSDEEP:	3072:xPdE6UezxZijR/GYJFQRmjmDVi59Vy8LOy6dr1fU7Lq:xy/ezcjEmDrVy+gdr1M6
MD5:	9D0942F7E61E4E636F8427BFB74762F8
SHA1:	994B9E333737A58F760A5DD5FBE305D6BD576A3A
SHA-256:	966BB3AA1463AAB8A03816B7651487E8019F1237103C939CA5AA801EA34ED873
SHA-512:	334106861093DCF4CB6565CF32F5FA351BDEED7AA606520DB997B3A1C73B1CFC72D3175F8E80050BB7465F5561EDDA58F2A51EE5862EB2D2E2918F244833A25F
Malicious:	false
Reputation:	low
Preview:	%PDF-1.7.%......354 0 obj.<</Linearized 1/L 142350/O 356/E 99940/N 2/T 141979/H [ 561 234]>>.endobj. ..378 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<02C66C198F4E2C41966659328D8934D5><005E05258E4B5342B6476A37DC4F234B>]/Index[354 63]/Info 353 0 R/Length 118/Prev 141980/Root 355 0 R/Size 417/Type/XRef/W[1 3 1]>>stream..h.bbd`.``b``.....@$.F...D....\|`.. ...L..3@${..d...,...... R.9.d...bK.......`2.D....@...}.L......a`......3w.....4....endstream.endobj.startxref..0..%%EOF.. ..416 0 obj.<</C 136/Filter/FlateDecode/I 158/Length 146/S 65>>stream..h.b```e``:."..2.2 . .3P.......7...$..Q.:.SF..SG.X............EB...v.N.Z.=A'...Va.%......R.l.Y...e..c\|.t.5....1..L.s.4....2.+x..4v.iF ...`.0. ...endstream.endobj.355 0 obj.<</Lang(en-US)/MarkInfo<</Marked true>>/Metadata 11 0 R/Pages 352 0 R/StructTreeRoot 35 0 R/Type/Catalog/ViewerPreferences 379 0 R>>.endobj.356 0 obj.<</Contents[358 0 R 359 0 R 361 0 R 362 0 R 3

C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1vt89w3_1ykwpmo_4bg.tmp Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	163840
Entropy (8bit):	7.99910104181077
Encrypted:	true
SSDEEP:	3072:w5XlAet0MyQaaSSquO1NsMSz5Nsc3TzmWG67GxjDD/c32g7Q5l1vL3ldtLU/A6cw:w5Xlnt0IaaSLHuzYc3mWG8qDu2PVDLU5
MD5:	CA6C67D8574CCD250D9EE025B85D61C1
SHA1:	EA64A898BA4600F3816CCE8D1A21548CC7A83828
SHA-256:	D807CCCB40A448B22E0590CAE83E2BBC7E9ABAF29B418C93F89524C3AA8D4234
SHA-512:	1926212FA65230FB95708AEA480AA889FED0FD4A6AE229F7E5D71408460628F216A58513CFA695A373E7AD3D1D37B535AA6CC48B1471C5DEE5EF3A1B1C9D5C56
Malicious:	false
Reputation:	low
Preview:	.nI..\...........W...9i..4...eiYEjDu....`....\(L...S...E...v......O^...@...#..g...2;$.k!WV.l.#...G..@..C....Q.@%^...`../c..oOP\!.n?.0........`...WP........%.?..k..c..KE.'.....d.U.p.d\|....g..."...P..qN0r.N....Z...+.Jy.......T..........\|3..?V.P..s3....hq+r5...E...o5z.Ojm..c....f.zfz.....0.=..~..F....."..a../...hx...)qb.S#j..1.&/......z.l..5.~..5r... .a.....z.....Yk..Tp\|...8...0;M.H..........m...\J.>X..n.bF.4....M..M.....i...~9.Av..5.v....(2.v.3...PZ.5......._Y........9.";;e.....lC...a..WV7..R...6...{}.\..J%......[.........H....??......B..-F.R..c..)U.7.z..w..f......:.n..+}$....-Q....0.fd..d\..........0CI]AN.uw.g)....p;'..r..;nZ_).........H....!'....~rM.D3..2}=.....5..ru3..I.CX....$...B...%.^.'.e.....>...LU.O....z.0..Qg~....v..YhmQ.[...%....2.aU6..A...I.....85..6..~n..;O{........_7..B.....Fi..JN4.f.....,`Ef@^.0q.U.M.7P.f....%...~..`.....-..}..]..f.^."M.C...H....w.F.C....>.....w..kW.....i...`!..k\...................s.9...Q.T.V. .I.DHF....\|..

C:\Users\user\AppData\Local\Temp\~DF1019FE9A4EBC86F7.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	34429
Entropy (8bit):	0.36325060561996725
Encrypted:	false
SSDEEP:	48:kBqoxKAuvScS+eIeOeEeVepIepYmgp2AE/:kBqoxKAuvScS+hftsvkE6
MD5:	0DEFDE7B52C35284AE21E2343483A02F
SHA1:	F8FEC2BD8BB30A93B63994943964EDB8B241152A
SHA-256:	17941741DEDFC22B0021BD3C6327CFE8614F1BD52D8F5B9EF768E4E990A0BC5F
SHA-512:	1A51BE452C9BB49B90E6ADFEE40C2E8BF16861490443A1078376191C3329CD0F86E6BD3A4B964DE36759FDEE360DF44B2E7C12884C57172E27F57D0CB181BF2B
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFA74E128184FB97CD.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.28859629902546935
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAP/:kBqoxxJhHWSVSEabP/
MD5:	2DE7F16CE1A315DB1D3C455B22A2FBFE
SHA1:	459EE67D0B7A8D6359FDFCB44F9D6EB1D91F5571
SHA-256:	A62F282E778B317ABA3B866CDBA953E1F019F5AD1010EC3B155F3C9C442039E9
SHA-512:	70331C59CFD99BE7FD28450BAD12D64E44B2888CE82392FBD5B053FEFC8E35809403226F6AE124E6AF1105C227747408DEFD8E274530302DD1207A833A9CA2AF
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFA9BBE2BF5357C066.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13125
Entropy (8bit):	0.5456536982124636
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lodF9lo39lWmuMyrQY:kBqoI4mmuMyrQY
MD5:	3573E8EF7738413080F82280DDE398FF
SHA1:	A48725F0EBB308CB34CE7BDFE01C0A21B673D28A
SHA-256:	DF6C24409626156A9CB53E22097165633D8A42FDC35A9D0D27A5E9608117C142
SHA-512:	2F1F804C3BEF615D0E13816D51587D61AB2368B0896DD1D7777E673E1EC37076983BBF7293B50654BF7235A4F0A7DE20A4EAD6A55A9CB7210AB3C0D91539C31A
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 4, 2021 14:47:12.087325096 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.088609934 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.213767052 CET	443	49718	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.214027882 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.214431047 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.214575052 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.219453096 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.219711065 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.345633030 CET	443	49718	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.345666885 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.346256971 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.346307993 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.346349001 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.346385002 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.346409082 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.346457005 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.346463919 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.346468925 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.346714973 CET	443	49718	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.346755028 CET	443	49718	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.346791983 CET	443	49718	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.346827984 CET	443	49718	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.346873999 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.346923113 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.346931934 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.346937895 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.379740000 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.379851103 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.385624886 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.385756016 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.385889053 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.506139040 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.506180048 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.506207943 CET	443	49718	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.506273985 CET	443	49718	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.506414890 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.506479025 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.506504059 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.508246899 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.508397102 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.511434078 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.511620045 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.511873007 CET	443	49718	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.511990070 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.519399881 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.519438982 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.519475937 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.519511938 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.519557953 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.519598961 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.519602060 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.519632101 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.519634962 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.519707918 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.632788897 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.632842064 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.632880926 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.632941961 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.632961035 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.633011103 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.633024931 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.633030891 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.637511015 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.637552023 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.637653112 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.637697935 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.645483017 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.645524025 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.645618916 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.645627022 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.645656109 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.645662069 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.645675898 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.645709038 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.645728111 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.645750999 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.645766973 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.645786047 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.645804882 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.645823956 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.645844936 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.645875931 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.645883083 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.645912886 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.645931959 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.645948887 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.645967007 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.645984888 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.646014929 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.646022081 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.646038055 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.646068096 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.646085978 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.646123886 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.674876928 CET	443	49718	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.759355068 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.759418964 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.759457111 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.759501934 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.759507895 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.759536028 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.759541988 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.759545088 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.759562016 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.759582996 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.759599924 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.759622097 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.759640932 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.759668112 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.759675026 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.759730101 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.764206886 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.764249086 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.764286995 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.764287949 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.764301062 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.764323950 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.764343023 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.764396906 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.771950960 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772007942 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772023916 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772058010 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772176981 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772213936 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772250891 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772284985 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772304058 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772344112 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772360086 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772380114 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772401094 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772418022 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772439003 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772453070 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772474051 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772491932 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772520065 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772548914 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772550106 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772591114 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772605896 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772638083 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772644043 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772680044 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772691965 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772716045 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772732973 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772753954 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772770882 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772806883 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772828102 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772870064 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772886038 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772907019 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772921085 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772943974 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.772959948 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.772980928 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.773000002 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.773015976 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.773031950 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.773060083 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.773073912 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.773102999 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.773117065 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.773137093 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.773154020 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.773183107 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.773190022 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.773224115 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.773236036 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.773260117 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.773274899 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.773313999 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.885917902 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.885998011 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886035919 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886074066 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886085987 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886110067 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886148930 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886157036 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886197090 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886198997 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886218071 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886234999 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886272907 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886274099 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886312962 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886318922 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886333942 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886348963 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886378050 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886400938 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886413097 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886437893 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886452913 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886473894 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886512041 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886522055 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886527061 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886562109 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.886590004 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.886621952 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.890368938 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.890430927 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.890453100 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.890472889 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.890491962 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.890510082 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.890531063 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.890547037 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.890573025 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.890584946 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.890605927 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.890620947 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.890639067 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.890682936 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.890711069 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.890769005 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.898099899 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.898142099 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.898179054 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.898202896 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.898217916 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.898236990 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.898248911 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.898314953 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.899080038 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.899121046 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.899149895 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.899182081 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.899652958 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.899708033 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.899724007 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.899749041 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.899770021 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.899787903 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.899808884 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.899826050 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.899842024 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.899863005 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.899885893 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.899898052 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.899930000 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.899936914 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.899950981 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.899975061 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.899996996 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.900019884 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:47:12.900032997 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:47:12.900077105 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:49:01.678293943 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:49:01.679378033 CET	49718	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:49:01.804620028 CET	443	49719	52.4.199.138	192.168.2.3
Jan 4, 2021 14:49:01.804760933 CET	49719	443	192.168.2.3	52.4.199.138
Jan 4, 2021 14:49:01.805634022 CET	443	49718	52.4.199.138	192.168.2.3
Jan 4, 2021 14:49:01.808756113 CET	49718	443	192.168.2.3	52.4.199.138

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 4, 2021 14:47:06.418102980 CET	60831	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:06.469032049 CET	53	60831	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:07.539159060 CET	60100	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:07.590025902 CET	53	60100	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:08.643033028 CET	53195	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:08.699652910 CET	53	53195	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:09.574825048 CET	50141	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:09.625603914 CET	53	50141	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:10.412131071 CET	53023	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:10.460258007 CET	53	53023	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:10.998342037 CET	49563	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:11.061536074 CET	53	49563	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:12.013801098 CET	51352	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:12.075470924 CET	53	51352	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:12.329689980 CET	59349	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:12.386045933 CET	53	59349	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:13.589602947 CET	57084	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:13.637506962 CET	53	57084	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:14.776168108 CET	58823	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:14.824105024 CET	53	58823	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:15.699769974 CET	57568	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:15.747802973 CET	53	57568	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:16.505044937 CET	50540	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:16.556004047 CET	53	50540	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:17.310480118 CET	54366	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:17.366969109 CET	53	54366	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:18.340560913 CET	53034	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:18.388504028 CET	53	53034	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:25.733726978 CET	57762	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:25.781873941 CET	53	57762	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:28.692068100 CET	55435	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:28.749651909 CET	53	55435	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:28.849745989 CET	50713	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:28.911022902 CET	53	50713	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:29.218961000 CET	56132	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:29.270045996 CET	53	56132	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:29.680183887 CET	55435	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:29.737776041 CET	53	55435	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:29.836303949 CET	50713	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:29.896728039 CET	53	50713	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:30.727123976 CET	55435	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:30.783549070 CET	53	55435	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:30.883264065 CET	50713	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:30.934165955 CET	53	50713	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:32.763717890 CET	58987	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:32.774035931 CET	55435	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:32.811863899 CET	53	58987	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:32.830199003 CET	53	55435	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:32.930305958 CET	50713	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:32.989506960 CET	53	50713	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:36.774970055 CET	55435	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:36.833786964 CET	53	55435	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:36.981190920 CET	50713	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:37.040455103 CET	53	50713	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:41.167224884 CET	56579	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:41.215393066 CET	53	56579	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:42.368942022 CET	56579	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:42.406616926 CET	60633	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:42.417171955 CET	53	56579	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:42.454689980 CET	53	60633	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:43.561847925 CET	56579	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:43.561988115 CET	60633	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:43.610208988 CET	53	56579	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:43.618215084 CET	53	60633	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:44.577898979 CET	60633	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:44.634062052 CET	53	60633	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:45.289112091 CET	61292	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:45.348952055 CET	53	61292	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:45.566855907 CET	56579	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:45.623092890 CET	53	56579	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:46.583394051 CET	60633	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:46.631526947 CET	53	60633	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:49.567466021 CET	56579	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:49.623869896 CET	53	56579	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:50.599380016 CET	60633	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:50.655783892 CET	53	60633	8.8.8.8	192.168.2.3
Jan 4, 2021 14:47:55.551045895 CET	63619	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:47:55.607156038 CET	53	63619	8.8.8.8	192.168.2.3
Jan 4, 2021 14:48:11.293414116 CET	64938	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:48:11.357800961 CET	53	64938	8.8.8.8	192.168.2.3
Jan 4, 2021 14:48:22.776915073 CET	61946	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:48:22.837529898 CET	53	61946	8.8.8.8	192.168.2.3
Jan 4, 2021 14:48:52.353032112 CET	64910	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:48:52.400887012 CET	53	64910	8.8.8.8	192.168.2.3
Jan 4, 2021 14:48:54.397243977 CET	52123	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:48:54.456621885 CET	53	52123	8.8.8.8	192.168.2.3
Jan 4, 2021 14:49:59.177113056 CET	56130	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:49:59.236743927 CET	53	56130	8.8.8.8	192.168.2.3
Jan 4, 2021 14:49:59.838038921 CET	56338	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:49:59.894015074 CET	53	56338	8.8.8.8	192.168.2.3
Jan 4, 2021 14:50:00.542464018 CET	59420	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:50:00.598994017 CET	53	59420	8.8.8.8	192.168.2.3
Jan 4, 2021 14:50:01.130486965 CET	58784	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:50:01.189233065 CET	53	58784	8.8.8.8	192.168.2.3
Jan 4, 2021 14:50:01.830955029 CET	63978	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:50:01.889491081 CET	53	63978	8.8.8.8	192.168.2.3
Jan 4, 2021 14:50:02.432353020 CET	62938	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:50:02.491537094 CET	53	62938	8.8.8.8	192.168.2.3
Jan 4, 2021 14:50:03.131162882 CET	55708	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:50:03.187932014 CET	53	55708	8.8.8.8	192.168.2.3
Jan 4, 2021 14:50:06.979376078 CET	56803	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:50:07.036005974 CET	53	56803	8.8.8.8	192.168.2.3
Jan 4, 2021 14:50:08.048151016 CET	57145	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:50:08.104425907 CET	53	57145	8.8.8.8	192.168.2.3
Jan 4, 2021 14:50:12.963251114 CET	55359	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:50:13.022500992 CET	53	55359	8.8.8.8	192.168.2.3
Jan 4, 2021 14:51:57.714752913 CET	58306	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:51:57.771516085 CET	53	58306	8.8.8.8	192.168.2.3
Jan 4, 2021 14:51:59.431060076 CET	64124	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:51:59.479099035 CET	53	64124	8.8.8.8	192.168.2.3
Jan 4, 2021 14:52:04.393757105 CET	49361	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:52:04.458313942 CET	53	49361	8.8.8.8	192.168.2.3
Jan 4, 2021 14:52:09.737108946 CET	63150	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:52:09.793476105 CET	53	63150	8.8.8.8	192.168.2.3
Jan 4, 2021 14:52:11.422224998 CET	53279	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:52:11.481408119 CET	53	53279	8.8.8.8	192.168.2.3
Jan 4, 2021 14:54:23.698586941 CET	56881	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:54:23.699529886 CET	53642	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:54:23.756328106 CET	53	56881	8.8.8.8	192.168.2.3
Jan 4, 2021 14:54:23.757316113 CET	53	53642	8.8.8.8	192.168.2.3
Jan 4, 2021 14:54:26.101527929 CET	55667	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:54:26.152462006 CET	53	55667	8.8.8.8	192.168.2.3
Jan 4, 2021 14:54:26.763997078 CET	54833	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:54:26.812289953 CET	53	54833	8.8.8.8	192.168.2.3
Jan 4, 2021 14:54:59.665366888 CET	62476	53	192.168.2.3	8.8.8.8
Jan 4, 2021 14:54:59.729598045 CET	53	62476	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 4, 2021 14:47:12.013801098 CET	192.168.2.3	8.8.8.8	0x7c7f	Standard query (0)	browardcovidvaccine.com	A (IP address)	IN (0x0001)
Jan 4, 2021 14:54:23.699529886 CET	192.168.2.3	8.8.8.8	0xc66d	Standard query (0)	cdn.onenote.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 4, 2021 14:47:12.075470924 CET	8.8.8.8	192.168.2.3	0x7c7f	No error (0)	browardcovidvaccine.com		52.4.199.138	A (IP address)	IN (0x0001)
Jan 4, 2021 14:47:12.075470924 CET	8.8.8.8	192.168.2.3	0x7c7f	No error (0)	browardcovidvaccine.com		52.3.173.48	A (IP address)	IN (0x0001)
Jan 4, 2021 14:51:57.771516085 CET	8.8.8.8	192.168.2.3	0x6318	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Jan 4, 2021 14:54:23.757316113 CET	8.8.8.8	192.168.2.3	0xc66d	No error (0)	cdn.onenote.net	cdn.onenote.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Jan 4, 2021 14:54:26.152462006 CET	8.8.8.8	192.168.2.3	0x4081	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 4, 2021 14:47:12.346385002 CET	52.4.199.138	443	192.168.2.3	49719	CN=browardcovidvaccine.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Fri Jan 01 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Mon Jan 31 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 4, 2021 14:47:12.346827984 CET	52.4.199.138	443	192.168.2.3	49718	CN=browardcovidvaccine.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Fri Jan 01 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Mon Jan 31 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5960 Parent PID: 792

General

Start time:	14:47:10
Start date:	04/01/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7c4740000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 4608 Parent PID: 5960

General

Start time:	14:47:10
Start date:	04/01/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5960 CREDAT:17410 /prefetch:2
Imagebase:	0x1f0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: AcroRd32.exe PID: 6016 Parent PID: 4608

General

Start time:	14:47:12
Start date:	04/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 4608
Imagebase:	0x12f0000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: AcroRd32.exe PID: 5596 Parent PID: 6016

General

Start time:	14:47:14
Start date:	04/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 4608
Imagebase:	0x12f0000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: RdrCEF.exe PID: 3924 Parent PID: 6016

General

Start time:	14:47:25
Start date:	04/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Imagebase:	0xaf0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: RdrCEF.exe PID: 720 Parent PID: 3924

General

Start time:	14:47:28
Start date:	04/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5379323792516701677 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5379323792516701677 --renderer-client-id=2 --mojo-platform-channel-handle=1704 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xaf0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: RdrCEF.exe PID: 5344 Parent PID: 3924

General

Start time:	14:47:30
Start date:	04/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=9674270544700556936 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Imagebase:	0xaf0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: RdrCEF.exe PID: 5988 Parent PID: 3924

General

Start time:	14:47:32
Start date:	04/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8551645402023685635 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8551645402023685635 --renderer-client-id=4 --mojo-platform-channel-handle=1836 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xaf0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: RdrCEF.exe PID: 2224 Parent PID: 3924

General

Start time:	14:47:34
Start date:	04/01/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1692,17007320436955693499,17508388145669597079,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5463412054220947810 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5463412054220947810 --renderer-client-id=5 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xaf0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: AcroRd32.exe PID: 5596 Parent PID: 6016 AcroRd32.exeCOMMON

Execution Graph

Execution Coverage:	13.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 0062B050, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0062B05A

Memory Dump Source

Source File: 00000004.00000002.1646332828.000000000062B000.00000020.00000001.sdmp, Offset: 0062B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_62b000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4c84151277232184f4ece1caff9d03736cb5b2ac7b5af92573ec6003a39c157d
Instruction ID: c167b7542daf6858573f5189dc2cfda649c436be1ab1a95d524171969364458c
Opcode Fuzzy Hash: 4c84151277232184f4ece1caff9d03736cb5b2ac7b5af92573ec6003a39c157d
Instruction Fuzzy Hash: 5B9002B178500812D541B15A4459706011D57D0281FE9C012A0118554DCE958B76B6E1

Uniqueness

Uniqueness Score: -1.00%

Function 0062B003, Relevance: 1.5, APIs: 1, Instructions: 11
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0062B01A

Memory Dump Source

Source File: 00000004.00000002.1646332828.000000000062B000.00000020.00000001.sdmp, Offset: 0062B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_62b000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6c23d526ef4fac2f7a5b13f284d03bb29a1195ec95634414390f345823822591
Instruction ID: 77b8fc7dc73da98ae31eac2813c7c14ff687510958d831b7b10667b6ebccd7bb
Opcode Fuzzy Hash: 6c23d526ef4fac2f7a5b13f284d03bb29a1195ec95634414390f345823822591
Instruction Fuzzy Hash: 2AC04CA618E7D45FD70353751C7AAD62F651E93111B9F81D7D080CB4ABC4084AAA9373

Uniqueness

Uniqueness Score: -1.00%

Function 0062B6D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0062B6DA

Memory Dump Source

Source File: 00000004.00000002.1646332828.000000000062B000.00000020.00000001.sdmp, Offset: 0062B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_62b000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: dfe2004c431489e9de8f4bf325dee0477a038e150051f59701c81b6116e10e0f
Instruction ID: 410af6811aa0a808a77b91965b216cec03cf9dd7cdf36a1e6e8a0aa3957d8b51
Opcode Fuzzy Hash: dfe2004c431489e9de8f4bf325dee0477a038e150051f59701c81b6116e10e0f
Instruction Fuzzy Hash: 499002B138100812D500A59A540D646010957E0341FA9D011A5118555ECEA588B171B1

Uniqueness

Uniqueness Score: -1.00%

Function 0062B2D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0062B2DA

Memory Dump Source

Source File: 00000004.00000002.1646332828.000000000062B000.00000020.00000001.sdmp, Offset: 0062B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_62b000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b2a3f88fabd24f7c8c3c2fafaa86054f15987965036c94671819ae633b8cb8be
Instruction ID: 595b96017b642c6488b1f85f8e50c5a5e77438745a2681b1e6536427cda0bd29
Opcode Fuzzy Hash: b2a3f88fabd24f7c8c3c2fafaa86054f15987965036c94671819ae633b8cb8be
Instruction Fuzzy Hash: 0D9002B139114812D510A15A8409706010957D1241FA9C411A0918558DCED588B171A2

Uniqueness

Uniqueness Score: -1.00%

Function 0062B1D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0062B1DA

Memory Dump Source

Source File: 00000004.00000002.1646332828.000000000062B000.00000020.00000001.sdmp, Offset: 0062B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_62b000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7e47dad86479da47a279e07b6665d510168b853dcf6ee2752cb09e064007092b
Instruction ID: f712c09118f7ab06895c2f92f54f831258102bbc0871f5471167a53f10353a1b
Opcode Fuzzy Hash: 7e47dad86479da47a279e07b6665d510168b853dcf6ee2752cb09e064007092b
Instruction Fuzzy Hash: 4C9002B138100C52D500A15A4409B46010957E0341FA9C016A0218654DCE55C87175A1

Uniqueness

Uniqueness Score: -1.00%

Function 0062B750, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0062B75A

Memory Dump Source

Source File: 00000004.00000002.1646332828.000000000062B000.00000020.00000001.sdmp, Offset: 0062B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_62b000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 29a4828123023646854a7bbbcb48b4819c91ec2835c90ceab7cf9a40c6c5dfcf
Instruction ID: afc34d6a9a137a3c542639b049d78ead32c0aee77a63480a3447406eeacafe08
Opcode Fuzzy Hash: 29a4828123023646854a7bbbcb48b4819c91ec2835c90ceab7cf9a40c6c5dfcf
Instruction Fuzzy Hash: F89002B939300412D580B15A540D60A010957D1242FE9D415A0109558CCD55887963A1

Uniqueness

Uniqueness Score: -1.00%

Function 0062B350, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0062B35A

Memory Dump Source

Source File: 00000004.00000002.1646332828.000000000062B000.00000020.00000001.sdmp, Offset: 0062B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_62b000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8d89eae79bf23fd2470a217f38d913a545bfe8558363e65addd2e62fded9dca4
Instruction ID: 5ea3d84543781284fe2818d238d8025bab4dbd911074f17dbebd2ae9ea90420b
Opcode Fuzzy Hash: 8d89eae79bf23fd2470a217f38d913a545bfe8558363e65addd2e62fded9dca4
Instruction Fuzzy Hash: 1C9002F138504492D511A25A4409F0A420D57E0285FE9C016A0148594CCD658972E1A1

Uniqueness

Uniqueness Score: -1.00%

Function 0062B310, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0062B31A

Memory Dump Source

Source File: 00000004.00000002.1646332828.000000000062B000.00000020.00000001.sdmp, Offset: 0062B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_62b000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 94fe9238a1e4ce733e42958529fbd4d5e349bfa2a5c7ed018426c4686885a88d
Instruction ID: 9447b12b62010385d9d3105b563272ad9021b1b32defda6667d104bdddd03be6
Opcode Fuzzy Hash: 94fe9238a1e4ce733e42958529fbd4d5e349bfa2a5c7ed018426c4686885a88d
Instruction Fuzzy Hash: 079002F13C100852D500A15A4419B06010997E1341FA9C015E1158554DCE59CC7271A6

Uniqueness

Uniqueness Score: -1.00%

Function 0062B110, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0062B11A

Memory Dump Source

Source File: 00000004.00000002.1646332828.000000000062B000.00000020.00000001.sdmp, Offset: 0062B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_62b000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 974553679e260ee94105ede55221de7ebabb8bf32f6d2476e9886545627095af
Instruction ID: e9e25a79da4b49eba1e8d7fe18c27522da9b3995b9a6b5d6e8808763a65d6502
Opcode Fuzzy Hash: 974553679e260ee94105ede55221de7ebabb8bf32f6d2476e9886545627095af
Instruction Fuzzy Hash: 699002B138504852D500A55A540DA06010957D0245FA9D011A1158595DCE758871B1B1

Uniqueness

Uniqueness Score: -1.00%

Function 0062B490, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0062B49A

Memory Dump Source

Source File: 00000004.00000002.1646332828.000000000062B000.00000020.00000001.sdmp, Offset: 0062B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_62b000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 27f39f725fbc4ddf4ed6edbdbaf2fb901154df17dbddf5cfe2b0171797882fc8
Instruction ID: ed9f01ea0f7c23bd89b61a385316db703e49615f704c05367ebdf9426b085d9c
Opcode Fuzzy Hash: 27f39f725fbc4ddf4ed6edbdbaf2fb901154df17dbddf5cfe2b0171797882fc8
Instruction Fuzzy Hash: 409002B138100812D500A19A4409706010957D0241FA9C412E0618558DCE95887175B1

Uniqueness

Uniqueness Score: -1.00%

Function 0062B790, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0062B79A

Memory Dump Source

Source File: 00000004.00000002.1646332828.000000000062B000.00000020.00000001.sdmp, Offset: 0062B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_62b000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ca610c29548365b14193f4b3733efc108bc5fba3ea4f85a3fdda65596795f4ca
Instruction ID: 24c222a81b5e1cdc8929526d861eb7b7469039e69b5b0c81c8aede3c95c81b83
Opcode Fuzzy Hash: ca610c29548365b14193f4b3733efc108bc5fba3ea4f85a3fdda65596795f4ca
Instruction Fuzzy Hash: 1F9002B138100413D540B15A541D6064109A7E1341FA9D011E0508554CDD55887662A2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://browardcovidvaccine.com/forms/covid-19-consent-form.pdf

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5960 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 4608 Parent PID: 5960

General

Analysis Process: AcroRd32.exe PID: 6016 Parent PID: 4608

General

Analysis Process: AcroRd32.exe PID: 5596 Parent PID: 6016

General

Analysis Process: RdrCEF.exe PID: 3924 Parent PID: 6016

General

Analysis Process: RdrCEF.exe PID: 720 Parent PID: 3924

General

Analysis Process: RdrCEF.exe PID: 5344 Parent PID: 3924

Function 0062B050, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0062B003, Relevance: 1.5, APIs: 1, Instructions: 11
libraryCOMMON

Function 0062B6D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0062B2D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0062B1D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0062B750, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0062B350, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0062B310, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0062B110, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0062B490, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 0062B790, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON