| Source: msapplication.xml0.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xaef4f5bf,0x01d746df</date><accdate>0xaef4f5bf,0x01d746df</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook) |
| Source: msapplication.xml0.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xaef4f5bf,0x01d746df</date><accdate>0xaef4f5bf,0x01d746df</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook) |
| Source: msapplication.xml5.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xaefc1cd2,0x01d746df</date><accdate>0xaefc1cd2,0x01d746df</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter) |
| Source: msapplication.xml5.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xaefc1cd2,0x01d746df</date><accdate>0xaefc1cd2,0x01d746df</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter) |
| Source: msapplication.xml7.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xaefc1cd2,0x01d746df</date><accdate>0xaefc1cd2,0x01d746df</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube) |
| Source: msapplication.xml7.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xaefc1cd2,0x01d746df</date><accdate>0xaefc1cd2,0x01d746df</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube) |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0 |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07 |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
| Source: AcroRd32.exe, 00000004.00000002.1660481864.0000000009794000.00000004.00000001.sdmp, ~DF5E4421C38C2CE13F.TMP.1.dr |
String found in binary or memory: http://louisville.edu/coronavirus/assets/Dec12020InterimPolicyforUniversityTravel.pdf |
| Source: {D9051C57-B2D2-11EB-90E4-ECF4BB862DED}.dat.1.dr |
String found in binary or memory: http://louisville.edu/coronavirus/assets/Dec12020InterimPolicyforUniversityTravel.pdfRoot |
| Source: AcroRd32.exe, 00000004.00000002.1660481864.0000000009794000.00000004.00000001.sdmp |
String found in binary or memory: http://louisville.edu/coronavirus/assets/Dec12020InterimPolicyforUniversityTravel.pdfs |
| Source: Dec 1 2020 - Interim Policy for University Travel[1].pdf.2.dr |
String found in binary or memory: http://louisville.edu/studyabroad/policies/travel-warning-policy) |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0H |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0I |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0O |
| Source: msapplication.xml.1.dr |
String found in binary or memory: http://www.amazon.com/ |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
| Source: msapplication.xml1.1.dr |
String found in binary or memory: http://www.google.com/ |
| Source: msapplication.xml2.1.dr |
String found in binary or memory: http://www.live.com/ |
| Source: AcroRd32.exe, 00000004.00000002.1661021220.0000000009998000.00000004.00000001.sdmp, Dec 1 2020 - Interim Policy for University Travel[1].pdf.2.dr |
String found in binary or memory: http://www.louisville.edu/coronavirus) |
| Source: msapplication.xml3.1.dr |
String found in binary or memory: http://www.nytimes.com/ |
| Source: AcroRd32.exe, 00000004.00000002.1653199339.0000000008030000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default |
| Source: AcroRd32.exe, 00000004.00000002.1653199339.0000000008030000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/drm/default |
| Source: AcroRd32.exe, 00000004.00000002.1653199339.0000000008030000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn |
| Source: AcroRd32.exe, 00000004.00000002.1653199339.0000000008030000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/layout/anchor |
| Source: AcroRd32.exe, 00000004.00000002.1653199339.0000000008030000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes |
| Source: AcroRd32.exe, 00000004.00000002.1653199339.0000000008030000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs |
| Source: AcroRd32.exe, 00000004.00000002.1653199339.0000000008030000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/subclip/1.0 |
| Source: AcroRd32.exe, 00000004.00000002.1653199339.0000000008030000.00000002.00000001.sdmp |
String found in binary or memory: http://www.quicktime.com.Acrobat |
| Source: msapplication.xml4.1.dr |
String found in binary or memory: http://www.reddit.com/ |
| Source: msapplication.xml5.1.dr |
String found in binary or memory: http://www.twitter.com/ |
| Source: msapplication.xml6.1.dr |
String found in binary or memory: http://www.wikipedia.com/ |
| Source: msapplication.xml7.1.dr |
String found in binary or memory: http://www.youtube.com/ |
| Source: Dec 1 2020 - Interim Policy for University Travel[1].pdf.2.dr |
String found in binary or memory: https://forms.office.com/Pages/ResponsePage.aspx?id=Sm4k3TRUFU6K45Gtl5eyCSa4a5uPy2ZEov0th0MezgJUN0NK |
| Source: AcroRd32.exe, 00000004.00000002.1660857750.0000000009950000.00000004.00000001.sdmp |
String found in binary or memory: https://ims-na1.adobelogin.com |
| Source: AcroRd32.exe, 00000004.00000002.1660857750.0000000009950000.00000004.00000001.sdmp |
String found in binary or memory: https://ims-na1.adobelogin.com: |
| Source: AcroRd32.exe, 00000004.00000002.1659566788.0000000008EED000.00000002.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
| Source: Dec 1 2020 - Interim Policy for University Travel[1].pdf.2.dr |
Initial sample: https://forms.office.com/pages/responsepage.aspx?id=sm4k3trufu6k45gtl5eycsa4a5upy2zeov0th0mezgjun0nkt0mzufljudrpwtnnsfdvn1josfbqmcqlqcn0pwcu |
| Source: Dec 1 2020 - Interim Policy for University Travel[1].pdf.2.dr |
Initial sample: https://forms.office.com/Pages/ResponsePage.aspx?id=Sm4k3TRUFU6K45Gtl5eyCSa4a5uPy2ZEov0th0MezgJUN0NKT0MzUFlJUDRPWTNNSFdVN1JOSFBQMCQlQCN0PWcu |
| Source: Dec 1 2020 - Interim Policy for University Travel[1].pdf.2.dr |
Initial sample: http://www.louisville.edu/coronavirus |
| Source: Dec 1 2020 - Interim Policy for University Travel[1].pdf.2.dr |
Initial sample: http://louisville.edu/studyabroad/policies/travel-warning-policy |
| Source: unknown |
Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
|
| Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5916 CREDAT:17410 /prefetch:2 |
|
| Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 4552 |
|
| Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 4552 |
|
| Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5916 CREDAT:17410 /prefetch:2 |
Jump to behavior |
| Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 4552 |
Jump to behavior |
| Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 4552 |
Jump to behavior |
| Source: AcroRd32.exe, 00000004.00000002.1650353958.0000000005D70000.00000002.00000001.sdmp |
Binary or memory string: Program Manager |
| Source: AcroRd32.exe, 00000004.00000002.1650353958.0000000005D70000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
| Source: AcroRd32.exe, 00000004.00000002.1650353958.0000000005D70000.00000002.00000001.sdmp |
Binary or memory string: Progman |
| Source: AcroRd32.exe, 00000004.00000002.1650353958.0000000005D70000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet