Analysis Report TETRATECH Covid-19 Stimulus Funds.pdf

ID:	349485
Product:	CloudBasic
Start time:	23:21:18
Start date:	05.02.2021
Sample:	TETRATECH Covid-19 Stimulus Funds.pdf
Cookbook:	defaultwindowspdfcookbook.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	63deffe4ac48f83f4ee319d30e6bf44b
SHA1:	e7a4742dd14ad017c56e5a6af04e5ccfc851967b
SHA256:	96355ec73c87cf7e781723c8fe1ebc9a7e91a23cdaeef4d4cc0b65077a9c5814
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0	data	870F4DF62CAAD2F1E9C0F36233B5A850	834304F185877C4695D7BA61387B698B98DCC2F3	BE347C9C396F112FB269CA4512769888EA0D1CF4AA7477606E86EBECC7FA8E45
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0	data	E8DC1353B14EE9DB476EFCA5986B0BD3	DBBDFAC5C9ACAA7A6466FE16B692BF8F07DB1DA5	7E72DAEEFDB3707BA83D7F34EFD2E1529FD93FC0263C3644459F0A84BCC6FFE3
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0	data	0BA8CF4C624A1AEF42B930DBC5E7DBF8	43640AD27D0EF7DE0EBB0CDDE9D2B5DA29B0A2BF	5A8F731AC9946DB881E72F2519F0C8F1145DA38C020520579F048B1611AB66EA
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0	data	CAD96B1CFCE45BB81E5DD5BC6A753A03	219E90395A5DB55CAED6393A59FA21DC3DEE170C	3816C75FDC7824296A6D0540CEF106D9BB896343DB886D16541985F498AFE0B1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0	data	2E6C005BB8B89D5E941A38A4EF0FB86F	0043057116B142F370066A22E06A0AA2822D1B31	85D68E53649066D8FC82BC4AE90828BEEAC6B622FCF68F2F2284AE3710AC4AEA
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0	data	2918D9AED71B4EE855A1C9C11BA322CE	C4DB94CF466990E62D4AE624788654B4EE1E2407	93318DB6461CEC460B36CCFF4FEDB48CEDD9D0A717CCF1DEA45DC15346E90DA0
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0	data	C2BD328369D1E0948D01DD05AC792713	540ADDA737DA61CE0229E9CB3FBA548318FE5786	5EAF7A32B9A377FD82F6236C26B63FF22256C301634FBC6D094A6B76EE0E5559
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0	data	122397509A7AA7A483CBA27EFDA6415F	77D7D28BEA4C733E2635BD322AE62079E5291858	2102D65972C513E18BDAE647CDA15114CC2D1BDE541CF4AAC130EF3C7FF99597
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0	data	798E18D1A0C1FCDAAA6B50C0893370E9	D86459999E66C13A950B0F6C8F7453DDF6DC9554	B6B7295821A8E317069200EBBE18DFE561685E9CA85CD6CBE67BC926957113A8
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0	data	B460FA1D1019C1AE1F08C96F17ABE8B3	4626885B65BFD5129FBF3D6230749C89B2907AA0	91A93983628DCE1DE6AF1B5E49535465421D074C9BE5A9061820354609FAC5C1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0	data	2B5A5CAB2CE2B7EE8C6797F924B9EA95	8EF222C221038EB0E5B1BA04B9CD09174623B7B0	51446491816833D75B4D5AE9E68528725AF3DAE5D25E4727C84BC149847250AB
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0	data	646357742E6092D6B8F5CA1B3172FC7C	005FCABC866F1A90B4D78EF81BEFC4976983B12A	9452AA8B4933C6D0AF32C132A3C96402DC3B1C4EDCBC9A0B738CA17716A31843
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0	data	2C51F450EF17FC8E1A684B0D126D8244	9D4619FF29C6132E2671D8D13CCFB10E0FAE8A0B	C2DE1A1EB2A1B07E0BB3800AA6959F04118BC3F9AFCEC53187F5003865097649
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0	data	205B05A0B02C6623D2A11FD09CDFF280	E44E4D9FF11979CD4458BBC2A667B6DDEE1475D2	68245BF7164F2A0C0E4DFA072D408CB206C72B4CBD23FBDA0DB4BF2EE2FBE3DE
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0	data	E140FAC95F9332AC99F342C890AE5DCE	89CD22AC637334B78B12D544AA033579E5C12F08	7995390247B0653E83077023485C21427D58B0B1FAA607B1486DF93F0E7EF0EE
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0	data	D40F21C29C260738E14C296A3F7F9863	C73C6781748E6C541D8E4DDBE70B6CC86DF48CC4	A05FC658A0A44C1E0C39498E9B6FDF80510FD708703FA673E111486A7CC86DDF
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0	data	647F72554339F87A2267564B2BAB4236	A7514A3C6C0F4364FF9EFA72D4D1545964EA4EA6	C65A79AC0B9DE9D85095C4D469ACD4579AE1575AEAE423770679CC935E5CDDFA
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0	data	F897A048909F4090F7615BDB9F5DBACB	DBE9F98CF953C97773A9995F336426A61D400876	78CC4025C9775B3A2601FCEC2D4A6A92EF09753F4A133AD6B4B88A60D5E9E27A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0	data	8FE7E1FB12665F90F9F776403D3C307A	B2D646BFF1B5DB924948ED5CFC7C4326D5388326	6D54E43715F0D4C92E8A36BE9E3A8871FB2CCD842E8ABE91438D4E2F967C56D5
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0	data	9C864160AAF110E45CDCEA064CAF6B08	C40B306A7369E7A0C8F72B2E2E978EC0BB81949D	5D5C5566011FEA542D4B7F4764EB8307B08389929A85BB9F0C3C77A623AB8B41
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0	data	A5E41434491CA6279E0E183B7722E914	D51496F5CD1A541CD8C4A12A049AED648659BFAD	1CCD04333621C56D6D9F3DF54B6ED91B422574D97601329BD555837D6793A6E0
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0	data	15E3539D380587F323F2BBC369C67AA4	09BC03BBC437B53F71328E3857E8A7846127A0E1	B93AF389BE612B64F2A3609C19B68D11556336FD914C856B1B2854DD05BD9C89
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0	data	06706910125C59ECDA90D258DF340A3F	32E781284A8141650C95DC875962F82A49B27E59	F7E0F63FAD8EED8712D716965DE95FE60AFE943ECF93BBBE758D0F7D40C3F6C7
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0	data	5F46861E52E9A9C17F30BDFC6F2CC5EB	7DD67E1B9D2C1305F6D8862C703681F9D9173A22	6A88F8234E74A78776BE182B0FB20CEAA1A4ECC192C854931B6D198C336D4B72
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0	data	211AE48367AF7AA079D72F0DDA8DFF8A	611B6702297C6A9854DB1F08018BB62AE02C83AD	51FB4E503ECF5B7926FDEE1A54E7BFE9A63EAA82EF1AE73A6146F06C69046330
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0	data	8D700EB5B14EF2C9D980B450A4190ADE	77A3F161F317DE7860470CEEA43B6EAE214A005E	C5DC6614919870E6BD390244DF429A8DCA82CF4CB3DBB2E46B64E1C73D8C3683
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0	data	07E1BAB07BC3887BD2665AF4F09E08E0	E3494CE52DB50AB7B55CD441DCBC94496E0D02C4	6890AE4C11C23137F22B1E1ED5381330DF91B9D87251968869198AA2E3748D9C
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0	data	4D969F3FFA8E10F37FDDE6A635DE3A50	BE8D3FA32F3D58C9CAEEA4611472A1E78A7C4459	22FFEF0D20BA8878FD4DC6DEFF3CAD21703F9CF19B440711CA80E0122D1AECF0
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0	data	79E4231460ED88D769CB1B62AAEF2F6A	2D186EC9DCB9EC2F2D3DD36C03B6B7B66C461AB5	30EE60F29CCB3EDCBD16530CE5084F2D75A2DD4C01AFAEEF6291E0C7C4F8C598
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0	data	891DFE3DFEA76C3D7408EDAD301D8393	BDC9488237004F3A84B8AB43E51258E5D069B938	C6BEE236286B4D103F14C3A44579C5AA39DD70161CB984A393E5CBFDF31E680C
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0	data	894AB07F01497C7546E9B58ED3637770	B1CF73BAAB1B6BDDA3AAC93C3F3DB843D22346C7	1BCAE435889FD1C09F58DB947FDB9683FD521C431CA625D41336EF9C9749A914
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0	data	F74935F6999F6C43642A60D2952EC819	C7749EDCC005A42A3937D87B625B698B087DFB57	0AFC088E039256B49A6D10BF3344C92F0574D0FAC0298F1201612A0044498ECB
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0	data	A2E0EFFFBE94970DF87AF6C0E26BDDBD	7F19E4B83FC64A28C55065C66B89E7E53AE2340E	B2571C6EBE78839A304BE20FAFE4CEDCA8A6A62257996173B059D16B415F5810
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0	data	192BEEE74BC763A799DA123764464461	7489B293EA113D26EB013CD28C6F12947195D8AF	0B44636C059D98972F6430E8EAD4377EE06D33AE3C55AA1ABF8248B6B37CA701
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0	data	08B970B3B435B2E60DCCA71B31EF742B	2F61EFF81BC2CA241AF8ABDB7A03D3C7F9BB4217	B1944F0E31D2D30052F88B42BE43A8A13DF30E9E204888D69C6E598F6B4B71BA
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0	data	837D263D7F761AF50735A8478483197F	0D1C53E1F2BBB922200725D0EDEF9173602A2D35	7C39DC0630384E49B371EA838C49A8F783ABF58EFF18C099DD35BBDAC02C72D3
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0	data	E628D039C896716C587C882C63E63B72	70211ED46D1A9012CB867AD0BE54004F44CCC988	5F295B975A8CEB6B7D3C82582021DB8CB72C164A5230B70EE91DE91DF51ECBA3
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0	data	F813BB7C1EC840D70FA9CBFC5F8E3C29	DA9084BBC76A73139104B1B7531BBDCA95047C97	A2AE3F3B6441AED873FB0A145BBC80FCC4380FFF707D19A0FB8F5C046D42A699
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0	data	C2DC298BA7FE2A0A70B56099A8E3D540	F7EE9F7F5E27C27F4E98FF1CF8568A01E8269AB6	293B6820876E3F0AA1528F33217205323C578A3C32D91288F0E602AFA1DAF668
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index	Maple help database	A6C903BEE0EFA8C233DE8CED640F7450	D954794107EA0E9057EAFB8A8195088ED3DEAA14	F454CDAA052C9EFD314DBE8F5511B1F7415147C8C04BD1384F834C84F6224612
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	DD6BA346B16830A6F03222C267935A30	A26D588E992F200A65F358AD414B709F0AD20118	090FA9277C99916F6F5CD57FC8B36D08B26B308A245C79E225BE7021A781908A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links	data	05C31564F5D129E37A363E150A042D4D	FA62CA0C75E503D2C5E83FE48A9846CD48FFF480	64044EF0EAA6C2CCA1F6D5E32B8C1AD305D642A8AF7F91C89CACC2BF8642C5D1
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-210205222213Z-184.bmp	PC bitmap, Windows 3.x format, 117 x -152 x 32	7C9C92F828931D19D42758564757DC76	9EEF4FDC5B6EC32732D8B32C284E88E767AFBF98	F37BBDBC02017A44DAE873D64D009658AE1E5D15360201CAB40AEA726767BF7E
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3024000	5FC1D46148FC1567599DBF6263AC3684	36A8AB1FAA422D5E9994D83EB9210330EF06F539	4D54524F8A26953FF4C634551BA49E7291BCE356EAF5C6C609D45D6BC539CCF9
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	data	E748A287944233A519D84AD13B0E4661	004D199109B64388073CAD4F131B6A756475C5AD	FE57E6B3CB81B778C70AF5267FD05F6AE610A9AE44798B2BD292644C68AC0F7E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6296	PostScript document text	159ACCAFBA209FBC642499809CE2B513	6D94F57B63CE3BE71EDFB081ECB848B7D06EB2BE	ACE286E29DFDB19080E514F3447F46E0E4ED658263AC209A9B4BBCECC36139D3
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.6296	PostScript document text	63B24EA3A13EAC476D6309BB202EF459	89502C393549C20C933E4553F51F74F3DBE085EF	2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin	data	13EFFC05E5ED3D13B62C54D0F5129D83	D2E816373C11A3D3395362BDD89F4B924CEDC73D	9E7FB280A24023207FABFD42DF25B21E235A9A85D9C08D445C3CEDAD9B24DADB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\my-site-105523-100173.weeblysite[1].xml	ASCII text, with very long lines, with no line terminators	4DD791E3F6C981BB0502C56D854EEC68	626DC166D746B38DEC7A176D9B825B30FCE6C328	68D85C53808920AEA77FFFF8CC321FCC1FAA91BB4F362439388C30D1A0D5246B
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B9DB4C88-6800-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	02360F57BC9B79208A09994E6E33F1D0	0E1911D9A0383B6C66392731B0D8212CF2D0B487	112C60F617232151E660843BBBBB7ABA15B0D374A032CAE186ED741722FEA310
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B9DB4C8A-6800-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	318DF9F5A3BDA4EC404C3D0B93B8D5D4	B0C558F2782B8CE0AECD0B3AD90FCC68375E5338	24A2A6004A9E2ADE32498AD4340ED4FFA728F296B2A0E0649E28FEBAC7812F8F
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C183E3BA-6800-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	E6C72D5E3E9EF8F533CC793439459EC0	C35C45476357A5AA003D775A4DBD683BF0294F99	4E6B90978E206E603A1FDA35EFF3FA3FBB864AB98BD7E6E4320CC1C6D8A433D0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	3ABCC5912E9AC5CCB67664F2010E8A86	718E2934EAF493BC6076B47B70C3A5FA3DF0B104	CD360146AC79F1C1A3F2EE56680ABD5CDE2E4A441E5E72A74614A6B49F220825
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	04A9213472F8DE83124EDE2CB73A7AC9	CC71A2B40BA4435D79E987662FBA07C236714744	E4871CF76447890A94A1A0969AC6B874604E732279C6DBED1B350B3566BF9110
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	BED26AE05E6CFBF28D8EDBDAFA30F478	0208F67EC27E584E4EF5A8ACA2C4BFBD20968C5E	2846A7A4A9FC4363458956AFEE9E0B9EE4AD600381D391BAE887993FC50EC7E1
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	EE62BE15F3E798422A010183E3FA46D3	2A79456F7069F1243E0C65D5C330E0A2BF7CC68B	B28DFECFEA2F1B794632132CE7920B8F0B7D2B88F0F693381568A388B0BD695C
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	5F444512635DDDBA9B438262E2772F65	64BA639BB5DF74950D3CC1D8185103F7145B1952	11EAE059F2909FCB82EDE19EAA3A9D020E52FBE18DB14D974E596BC75A66516E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	BC2EA640CB155CD158D2C3BD983363A3	11D96AC255820AB609FA5FF9AA3943C3FDB6D821	6DEC5A64757695824D92160A5B81AB5670BE7388299B1D68860DC2900A809264
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	80ABDDB06CD04717C7675CF2B1918E3B	12C03383CCF9FBFE68C4BF7711897027B55C2C91	0B6E4FCA31634641970031126CBA9CBEF0E848D7D7127E352296F929FDDD1CB8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	CEFE86A689F53D547997154D8DA7B3E4	47C5B0E5268699BD9EEFC23B286BBBE36263E7F8	C5FC01BAE71F6D3658CF98A1BC6F17B8D39CA2986ACFFE608072D8C983AFE546
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	2A6568194E35650D78383B9299AA5904	CDFEE76B6D0AFCB2B6E99C98126BA70B59BE7913	B9E598FF6D89D8A124A40667E29401CA52DBEBE8A4940C2F4CE56DD8B7E650C8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat	data	78BB90BEE9E6EC5BFCE65643D11E6DD0	7EAE0D2A94ADEF9F99AEDE82174FDC9DC566445B	DC1AACA482B0E072ED320C70B45492BB738B396383F6A6EEF723CB37A17BD0CF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\FVZBQN4S.htm	HTML document, ASCII text, with very long lines	2133F3DF63FE194A5CC3125CDC22FF00	E617454208C45AD3B9FFFBEAAE1DC936844B21B2	ACDBD769356C9D217AACBA01C0473F5145DD9F930E2287376BD8BC5ACB5A08EB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\site.19e2b99b084b05df36a8.en[1].js	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators	A285C062D9C60CF462DAF5E2C7096388	9A5809428AB807DA9A290510B5317CC91355D094	FE3371FC27681F7F21A6EAD605AD304A73E76A2C5CF4A6F4D37C5EBDBC024DC7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\cko.e4d7b6c3391e50ded088[1].css	ASCII text, with very long lines	CB016791F22B8B372133B9CBE95A2E82	9A5B3811D4783B3A989C16DD3170DD15EFA53EA0	85B7A24005868A38ECA79E80C1EC8081CC2AC4DCECD4EC3844D534FA3C659B5A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\snowday262[1].js	ASCII text, with very long lines	99BBE560926E583B8E99036251DEB783	8D81B73AE06F664F9D9E53DD5829A799BF434491	648E766BF519673F9A90CC336CBECEDE80DCBE3419B43D36ECBB25D88F5584A3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	4D27526198AC873CCEC96935198E0FB9	B98D8B73AD6A0F7477C3397561B4AAB37BF262AA	40A2146151863BCF46C786D596E81A308D1B0D26D74635BE441E92656F29B1B4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\site.19e2b99b084b05df36a8[1].css	ASCII text, with very long lines	E7972106050BE9746F730AF053CE7D92	63D43128C994625807F2CB82964113C8EBE0DF8C	8991E81F3C2FE38E02BFE42F80A5B8FCF98A18C399FB6C9A6369B2398A1872C3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\imports.en.5190980851c8e63fd7692575cadd2295[1].js	ASCII text, with no line terminators	5190980851C8E63FD7692575CADD2295	BFE342608CD0DBB2DE311596662ADEB4C3C21D8A	2ADADFDE7AD71A7C45311ED109CA8490556DB79CBC331B0E28C747A543C89CFA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\runtime.4c27edfb51f63cc2e6e5.en[1].js	ASCII text, with very long lines, with no line terminators	B25B52EADE9D1B51B1B5442673E57AD1	10E9D825A5C5AB61705EC376B254D22CEF76BC9F	F12BB68015C11969976246FAF720C8085271555CFDE5B05E3BC9A189CDA4D186
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\system.min.b9e210033fc5b0895164e282cbf89d5a[1].js	ASCII text, with very long lines, with no line terminators	BE83CD0E58A98300BA6A32F4B4FDBE61	FA067C68357EA6755E99C9B40DB29F54529BBDAD	080BDC2202C77FAD49515BAAEFFF19D76DA0F4DFC234895038CDB46EAE069447
C:\Users\user\AppData\Local\Temp\~DF4E0B9E52D160D036.TMP	data	A3397EBF2383D28938E4E7BF06AA0EA6	42394487BE37E9F3DF59A75A7D59A12C09BA097F	F225A41D0833AFE16AE16666D69911C579649B66DD41DA9BC090675195F55A33
C:\Users\user\AppData\Local\Temp\~DF8168651D7F77EBF4.TMP	data	DDC94190FBDBBAF0B4BDBB68C2EC968F	FFA16D4E7AF339DC61C5876940DD5CE494F88990	FC35199F3D8E1FEBFC8307F599AD462F4C56F6D6A7E7406E4A6D2444D22E752E
C:\Users\user\AppData\Local\Temp\~DFCE6F74C9E03934EF.TMP	data	B96035CECEECFCA9EF5C6C7ABCEC49FB	BAF510D50463E9859674507676D566B1817A5C8D	E3DC3015BF6FE2774BBECA1DA47D335DA6F2D5FA15C00EA7DA92D44D56DAE7FB

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 199.34.228.96:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.96:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.212.183.219:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.212.183.219:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.115.50.110:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.115.50.110:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.115.50.110:443 -> 192.168.2.4:49780 version: TLS 1.2

Networking:

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 151.101.1.46 151.101.1.46
Source: Joe Sandbox View	IP Address: 151.101.1.46 151.101.1.46
Source: Joe Sandbox View	IP Address: 80.0.0.0 80.0.0.0

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Found strings which match to known social media urls

Source: msapplication.xml0.18.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x90ded133,0x01d6fc0d</date><accdate>0x90ded133,0x01d6fc0d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.18.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x90ded133,0x01d6fc0d</date><accdate>0x90e13143,0x01d6fc0d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.18.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x90e5f66a,0x01d6fc0d</date><accdate>0x90e5f66a,0x01d6fc0d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.18.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x90e5f66a,0x01d6fc0d</date><accdate>0x90e5f66a,0x01d6fc0d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.18.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x90e8587f,0x01d6fc0d</date><accdate>0x90e8587f,0x01d6fc0d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.18.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x90e8587f,0x01d6fc0d</date><accdate>0x90e8587f,0x01d6fc0d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Performs DNS lookups

Source: unknown

DNS traffic detected: queries for: weeblysite.com

Urls found in memory or binary data

Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000001.00000003.804623464.000000000B3A7000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000001.00000003.804623464.000000000B3A7000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/(15)
Source: AcroRd32.exe, 00000001.00000003.804623464.000000000B3A7000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/_1
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/4
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/-29/
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#8-02-29/m#D
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#y#
Source: AcroRd32.exe, 00000001.00000003.804623464.000000000B3A7000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000003.804623464.000000000B3A7000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/bo
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#V
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#b#
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type##nifestItem#r
Source: AcroRd32.exe, 00000001.00000003.804623464.000000000B3A7000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: msapplication.xml.18.dr	String found in binary or memory: http://www.amazon.com/
Source: site.19e2b99b084b05df36a8.en[1].js.19.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: msapplication.xml1.18.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.18.dr	String found in binary or memory: http://www.live.com/
Source: AcroRd32.exe, 00000001.00000003.804623464.000000000B3A7000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000001.00000003.804623464.000000000B3A7000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/?n
Source: msapplication.xml3.18.dr	String found in binary or memory: http://www.nytimes.com/
Source: AcroRd32.exe, 00000001.00000002.806893936.0000000007920000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000001.00000002.806893936.0000000007920000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000001.00000002.806893936.0000000007920000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000001.00000002.806893936.0000000007920000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000001.00000002.806893936.0000000007920000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000001.00000002.806893936.0000000007920000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000001.00000002.806893936.0000000007920000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000001.00000002.806893936.0000000007920000.00000002.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: msapplication.xml4.18.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.18.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.18.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.18.dr	String found in binary or memory: http://www.youtube.com/
Source: AcroRd32.exe, 00000001.00000002.822702941.000000000CEC5000.00000004.00000001.sdmp	String found in binary or memory: https://.OKCancelEdit
Source: AcroRd32.exe, 00000001.00000002.821877638.000000000CC18000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000002.821877638.000000000CC18000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/A
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/jM
Source: AcroRd32.exe, 00000001.00000002.822563679.000000000CE8C000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000001.00000002.822563679.000000000CE8C000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comH
Source: AcroRd32.exe, 00000001.00000002.822563679.000000000CE8C000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comRLW
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://cdn3.editmysite.com/app/checkout/assets/checkout/css/cko.e4d7b6c3391e50ded088.css
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://cdn3.editmysite.com/app/checkout/assets/checkout/imports.en.5190980851c8e63fd7692575cadd2295
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://cdn3.editmysite.com/app/checkout/assets/checkout/js/system.min.b9e210033fc5b0895164e282cbf89
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://cdn3.editmysite.com/app/website/
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://cdn3.editmysite.com/app/website/css/site.19e2b99b084b05df36a8.css
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://cdn3.editmysite.com/app/website/js/runtime.4c27edfb51f63cc2e6e5.en.js
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://cdn3.editmysite.com/app/website/js/site.19e2b99b084b05df36a8.en.js
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://cdn4.editmysite.com
Source: site.19e2b99b084b05df36a8.en[1].js.19.dr	String found in binary or memory: https://f.fontdeck.com/s/css/js/
Source: site.19e2b99b084b05df36a8.en[1].js.19.dr	String found in binary or memory: https://feross.org
Source: site.19e2b99b084b05df36a8[1].css.19.dr	String found in binary or memory: https://getbootstrap.com/)
Source: site.19e2b99b084b05df36a8[1].css.19.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://images.editor.website
Source: AcroRd32.exe, 00000001.00000002.811859867.0000000009175000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: AcroRd32.exe, 00000001.00000002.811859867.0000000009175000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com(
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://js.squareup.com/v2/paymentform
Source: AcroRd32.exe, 00000001.00000002.805992709.000000000510D000.00000004.00000020.sdmp	String found in binary or memory: https://my-site-105523-100173.weebl
Source: AcroRd32.exe, 00000001.00000002.821877638.000000000CC18000.00000004.00000001.sdmp, FVZBQN4S.htm.19.dr	String found in binary or memory: https://my-site-105523-100173.weeblysite.com
Source: AcroRd32.exe, 00000001.00000002.806360065.00000000057D0000.00000002.00000001.sdmp, AcroRd32.exe, 00000001.00000002.819505702.000000000B13F000.00000004.00000001.sdmp, ~DF4E0B9E52D160D036.TMP.18.dr	String found in binary or memory: https://my-site-105523-100173.weeblysite.com/
Source: my-site-105523-100173.weeblysite[1].xml.19.dr	String found in binary or memory: https://my-site-105523-100173.weeblysite.com/"
Source: TETRATECH Covid-19 Stimulus Funds.pdf	String found in binary or memory: https://my-site-105523-100173.weeblysite.com/)
Source: AcroRd32.exe, 00000001.00000002.819505702.000000000B13F000.00000004.00000001.sdmp	String found in binary or memory: https://my-site-105523-100173.weeblysite.com/:
Source: {B9DB4C8A-6800-11EB-90EB-ECF4BBEA1588}.dat.18.dr	String found in binary or memory: https://my-site-105523-100173.weeblysite.com/Root
Source: AcroRd32.exe, 00000001.00000002.819505702.000000000B13F000.00000004.00000001.sdmp	String found in binary or memory: https://my-site-105523-100173.weeblysite.com/Y
Source: AcroRd32.exe, 00000001.00000002.819505702.000000000B13F000.00000004.00000001.sdmp	String found in binary or memory: https://my-site-105523-100173.weeblysite.com/k
Source: AcroRd32.exe, 00000001.00000002.820173613.000000000B342000.00000004.00000001.sdmp	String found in binary or memory: https://my-site-105523-100173.weeblysite.com/p
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://sandbox.square.online
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://square.online
Source: site.19e2b99b084b05df36a8.en[1].js.19.dr	String found in binary or memory: https://use.typekit.net
Source: AcroRd32.exe, 00000001.00000002.811408834.00000000087DD000.00000002.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://www.editmysite.com
Source: FVZBQN4S.htm.19.dr	String found in binary or memory: https://www.weebly.com
Source: imagestore.dat.19.dr, FVZBQN4S.htm.19.dr	String found in binary or memory: https://www.weebly.com/favicon.ico

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 199.34.228.96:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.96:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.212.183.219:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.212.183.219:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.115.50.110:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.115.50.110:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.115.50.110:443 -> 192.168.2.4:49780 version: TLS 1.2

System Summary:

Classification label

Source: classification engine

Classification label: clean1.winPDF@17/74@8/6

Clickable URLs found in PDF

Source: TETRATECH Covid-19 Stimulus Funds.pdf

Initial sample: https://my-site-105523-100173.weeblysite.com/

Creates files inside the user directory

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Creates temporary files

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R2uw3yd_7nbm5d_4uw.tmp

Jump to behavior

Reads ini files

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Users\desktop.ini

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\TETRATECH Covid-19 Stimulus Funds.pdf'
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\TETRATECH Covid-19 Stimulus Funds.pdf'
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,5754072549746782878,9114216532001329358,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=3954240331908333317 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3954240331908333317 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,5754072549746782878,9114216532001329358,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=10276253575640265967 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,5754072549746782878,9114216532001329358,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14130125459791333574 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14130125459791333574 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,5754072549746782878,9114216532001329358,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8407246014169871722 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8407246014169871722 --renderer-client-id=5 --mojo-platform-channel-handle=2480 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://my-site-105523-100173.weeblysite.com/
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2740 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\TETRATECH Covid-19 Stimulus Funds.pdf'			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://my-site-105523-100173.weeblysite.com/			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,5754072549746782878,9114216532001329358,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=3954240331908333317 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3954240331908333317 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,5754072549746782878,9114216532001329358,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=10276253575640265967 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,5754072549746782878,9114216532001329358,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14130125459791333574 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14130125459791333574 --renderer-client-id=4 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,5754072549746782878,9114216532001329358,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8407246014169871722 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8407246014169871722 --renderer-client-id=5 --mojo-platform-channel-handle=2480 --allow-no-sandbox-job /prefetch:1			Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2740 CREDAT:17410 /prefetch:2			Jump to behavior

Uses Rich Edit Controls

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

PDF has a JavaScript or JS counter value indicative of goodware

Source: TETRATECH Covid-19 Stimulus Funds.pdf	Initial sample: PDF keyword /JS count = 0
Source: TETRATECH Covid-19 Stimulus Funds.pdf	Initial sample: PDF keyword /JavaScript count = 0

PDF has an EmbeddedFile counter value indicative of goodware

Source: TETRATECH Covid-19 Stimulus Funds.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Hooking and other Techniques for Hiding and Protection:

Disables application error messsages (SetErrorMode)

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion:

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Source: AcroRd32.exe, 00000001.00000002.822117594.000000000CC83000.00000004.00000001.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Code function: 1_2_04E0B1D0 LdrInitializeThunk,

1_2_04E0B1D0

HIPS / PFW / Operating System Protection Evasion:

May try to detect the Windows Explorer process (often used for injection)

Source: AcroRd32.exe, 00000001.00000002.806360065.00000000057D0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000001.00000002.806360065.00000000057D0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000002.806360065.00000000057D0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000002.806360065.00000000057D0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock