Analysis Report https://templatelab.com/ada-rehabilitaion-act-coronavirus/

Overview

General Information

Sample URL: https://templatelab.com/ada-rehabilitaion-act-coronavirus/
Analysis ID: 357038

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 104.26.12.36:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.26.12.36:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: templatelab.com
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: classification engine Classification label: clean0.win@17/61@1/3
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DFDA36E2CF24B83655.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4600 CREDAT:17410 /prefetch:2
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 2024
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 2024
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1700,14431000459877472766,9177081831552403983,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=9047234563143899772 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1700,14431000459877472766,9177081831552403983,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13126402487251577759 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13126402487251577759 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1700,14431000459877472766,9177081831552403983,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13365710013370324663 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13365710013370324663 --renderer-client-id=4 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job /prefetch:1
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1700,14431000459877472766,9177081831552403983,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15977986577334180066 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15977986577334180066 --renderer-client-id=5 --mojo-platform-channel-handle=2164 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4600 CREDAT:17410 /prefetch:2 Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 2024 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 2024 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1700,14431000459877472766,9177081831552403983,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=9047234563143899772 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1700,14431000459877472766,9177081831552403983,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13126402487251577759 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13126402487251577759 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1700,14431000459877472766,9177081831552403983,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13365710013370324663 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13365710013370324663 --renderer-client-id=4 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1700,14431000459877472766,9177081831552403983,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15977986577334180066 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15977986577334180066 --renderer-client-id=5 --mojo-platform-channel-handle=2164 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe File opened: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\crash_reporter.cfg Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: AcroRd32.exe, 00000006.00000003.279580368.000000000BD4A000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Code function: 6_2_04943490 LdrInitializeThunk, 6_2_04943490
Source: AcroRd32.exe, 00000006.00000002.1650541564.0000000005360000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000006.00000002.1650541564.0000000005360000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000006.00000002.1650541564.0000000005360000.00000002.00000001.sdmp Binary or memory string: Progman
Source: AcroRd32.exe, 00000006.00000002.1650541564.0000000005360000.00000002.00000001.sdmp Binary or memory string: Progmanlock
Behavior Graph (ID: 357038, URL: https://templatelab.com/ada..., Startdate: 24/02/2021, Architecture: WINDOWS, Score: 0)
Process chain: iexplore.exe -> iexplore.exe (contacts templatelab.com, 104.26.12.36, ports 443, 49708, 49709, CLOUDFLARENETUS, United States) -> AcroRd32.exe -> AcroRd32.exe and RdrCEF.exe (contacts 192.168.2.1) -> four RdrCEF.exe child processes (one linked to 80.0.0.0, NTLGB, United Kingdom)

Contacted Public IPs

IP            Domain   Country         ASN    ASN Name         Malicious
104.26.12.36  unknown  United States   13335  CLOUDFLARENETUS  false
80.0.0.0      unknown  United Kingdom  5089   NTLGB            false

Private

IP
192.168.2.1

Contacted Domains

Name IP Active
templatelab.com 104.26.12.36 true