Analysis Report ChineseCoronaviruses53lyqK.pdf

Overview

General Information

Sample Name:	ChineseCoronaviruses53lyqK.pdf
Analysis ID:	427746
MD5:	57dd5b69a9113ba248e6878114830aad
SHA1:	16c78f58a76ef12f691f09ce1ae2dd23d605980e
SHA256:	8cedb318de9f0085d24c6cdfdc1073fdca5acc2230d3ab322f2c3e84a0a24421
Infos:
Most interesting Screenshot:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

IP address seen in connection with other malware

Invalid 'forgot password' link found

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

Classification

Signatures

Phishing:

Invalid 'forgot password' link found

Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: Invalid link: Forgot your password? Get help
Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: Invalid link: Forgot your password? Get help

Invalid T&C link found

Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: Invalid link: Forgot your password? Get help
Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: Invalid link: Forgot your password? Get help

Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: No <meta name="author".. found
Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: No <meta name="author".. found

Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: No <meta name="copyright".. found
Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 172.67.73.71:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.73.71:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.0.73.2:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.0.73.2:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.20.22:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.20.22:443 -> 192.168.2.4:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.98:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.98:443 -> 192.168.2.4:49801 version: TLS 1.2

Networking:

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 192.0.73.2 192.0.73.2
Source: Joe Sandbox View	IP Address: 192.0.73.2 192.0.73.2

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com","thumbnail":{"thumbnails":[{"url":"https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s200-c-k-c0x00ffffff-no-rj?days_since_epoch=18779","width":200,"height":200}]},"siteName":"YouTube","appName":"YouTube","androidPackage":"com.google.android.youtube","iosAppStoreId":"544007664","iosAppArguments":"https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg","ogType":"yt-fb-app:channel","urlApplinksWeb":"https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks","urlApplinksIos":"vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks","urlApplinksAndroid":"vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks","urlTwitterIos":"vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=twitter-deep-link","urlTwitterAndroid":"vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=twitter-deep-link","twitterCardType":"summary","twitterSiteHandle":"@YouTube","schemaDotOrgType":"http://schema.org/http://schema.org/YoutubeChannelV2","noindex":false,"unlisted":false,"familySafe":true,"tags":["Vision times","China","Global News","World News","Current Issue","News","Disaster","Global Issues"],"availableCountries":["NF","FO","TH","DO","UM","BA","PM","CG","JP","MH","MQ","RO","WS","LS","MO","GG","HN","NI","UG","BS","MR","SV","MN","TC","AX","TV","NA","PW","GB","NO","NZ","HT","AE","BZ","GL","GU","FJ","GQ","TZ","AI","PS","LU","BF","JO","GE","CA","BL","DE","TL","KH","IT","LV","TM","VN","EH","MM","KY","SR","BB","IQ","CF","CI","KR","ST","ES","OM","IL","AR","DZ","LR","PL","UA","MS","IS","KI","AT","GW","TK","WF","ID","SA","NU","BI","GI","ML","KN","NC","VA","BY","NE","MU","KM","BJ","SX","TO","IE","CZ","ZA","MK","GT","IN","PH","CW","KZ","SL","SZ","PN","BE","IO","AD","RU","ZW","SM","VI","LI","KP","AG","PF","CV","FI","MC","YE","CC","MF","PR","PE","BV","GN","BR","HU","AU","IR","UZ","AW","FK","YT","MV","SD","SI","SJ","TD","TG","CM","BT","GS","CK","SH","NP","LT","TJ","HK","NG","MT","SB","AM","BO","CL","MD","BG","IM","FM","MP","GM","VE","EC","SS","HR","KG","GH","HM","GP","BD","PA","AF","RS","AZ","SE","SO","TN","BW","GF","TW","MW","JM","GA","TT","VG","CR","PY","NL","VC","SC","CX","DJ","LC","PK","KW","GD","KE","SK","ET","ME","SY","TF","PT","SN","MX","VU","EE","SG","TR","ER","AL","BH","MG","QA","MY","US","BM","CN","GR","AS","GY","LY","LB","LK","DM","MA","CO","RW","NR","ZM","DK","CY","PG","CU","UY","EG","CH","MZ","CD","JE","BN","AO","BQ","FR","LA","RE","AQ"],"linkAlternates":[{"hrefUrl":"https://m.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"},{"hrefUrl":"android-app://com.google.android.youtube/http/youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"},{"hrefUrl":"ios-app://544007664/http/youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"}]}}};</script><link rel="canonical" href="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><link rel="alternate" media="handheld" href="https://m.youtube.com/c/VisionTimesNews"><link rel="alternate" media="
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com"><meta name="keywords" content=""Vision times" China "Global News" "World News" "Current Issue" News Disaster "Global Issues""><link rel="alternate" type="application/rss+xml" title="RSS" href="https://www.youtube.com/feeds/videos.xml?channel_id=UCwjyYoGq87bnV3t1nqSjGNg"><meta property="og:title" content="Vision Times News"><link rel="image_src" href="https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj"><meta property="og:site_name" content="YouTube"><meta property="og:url" content="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta property="og:image" content="https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj"><meta property="og:image:width" content="900"><meta property="og:image:height" content="900"><meta property="og:description" content="Bringing you Truth, Inspiration, Hope. equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: "><meta itemprop="paid" content="false"><meta itemprop="channelId" content="UCwjyYoGq87bnV3t1nqSjGNg"><span itemprop="author" itemscope itemtype="http://schema.org/Person"><link itemprop="url" href="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><link itemprop="name" content="Vision Times News"></span><script type="application/ld+json" nonce="xISKpvuiOBfpVhfcEyXnkA">{"@context": "http://schema.org", "@type": "BreadcrumbList", "itemListElement": [{"@type": "ListItem", "position": 1, "item": {"@id": "https:\/\/www.youtube.com\/channel\/UCwjyYoGq87bnV3t1nqSjGNg", "name": "Vision Times News"}}]}</script><link itemprop="thumbnailUrl" href="https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj"><span itemprop="thumbnail" itemscope itemtype="http://schema.org/ImageObject"><link itemprop="url" href="https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj"><meta itemprop="width" content="900"><meta itemprop="height" content="900"></span><meta itemprop="isFamilyFriendly" content="true"><meta itemprop="regionsAllowed" content="NF,FO,TH,DO,UM,BA,PM,CG,JP,MH,MQ,RO,WS,LS,MO,GG,HN,NI,UG,BS,MR,SV,MN,TC,AX,TV,NA,PW,GB,NO,NZ,HT,AE,BZ,GL,GU,FJ,GQ,TZ,AI,PS,LU,BF,JO,GE,CA,BL,DE,TL,KH,IT,LV,TM,VN,EH,MM,KY,SR,BB,IQ,CF,CI,KR,ST,ES,OM,IL,AR,DZ,LR,PL,UA,MS,IS,KI,AT,GW,TK,WF,ID,SA,NU,BI,GI,ML,KN,NC,VA,BY,NE,MU,KM,BJ,SX,TO,IE,CZ,ZA,MK,GT,IN,PH,CW,KZ,SL,SZ,PN,BE,IO,AD,RU,ZW,SM,VI,LI,KP,AG,PF,CV,FI,MC,YE,CC,MF,PR,PE,BV,GN,BR,HU,AU,IR,UZ,AW,FK,YT,MV,SD,SI,SJ,TD,TG,CM,BT,GS,CK,SH,NP,LT,TJ,HK,NG,MT,SB,AM,BO,CL,MD,BG,IM,FM,MP,GM,VE,EC,SS,HR,KG,GH,HM,GP,BD,PA,AF,RS,AZ,SE,SO,TN,BW,GF,TW,MW,JM,GA,TT,VG,CR,PY,NL,VC,SC,CX,DJ,LC,PK,KW,GD,KE,SK,ET,ME,SY,TF,PT,SN,MX,VU,EE,SG,TR,ER,AL,BH,MG,QA,MY,US,BM,CN,GR,AS,GY,LY,LB,LK,DM,MA,CO,RW,NR,ZM,DK,CY,PG,CU,UY,EG,CH,MZ,CD,JE,BN,AO,BQ,FR,LA,RE,AQ"><link rel="alternate" href="android-app://com.google.android.youtube/http/www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><link rel="alternate" href="ios-app://544007664/vnd.youtube/www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><script nonce="xISKpvuiOBfpVhfcEyXnkA">if (window.ytcsi) {window.ytcsi.tick('pdr', null, '');}</script><script nonce="xISKpvuiOBfpVhfcEyXnkA">(function() {var setFiller = function() { var fillerData={browse:{filler:true,page:"browse"},home:{filler:true,page:"home",endpoint:{commandMetadata:{webCommandMetadata:{url:"/",webPageType:"WEB_PAGE_TYPE_BROWSE"}},urlEndpoint:{url:"/"}},response:{contents:{twoColumnBrowseResultsRenderer:{tabs:[{tabRenderer:{selected:true,content:{richGridRenderer:{contents:[],continuations:[{nextContinuationData:{continuation:""}}]}}}}]}}}},search:{filler:true,page:"search",endpoint:{commandMetadata:{webCommandMetadata:{url:"/results",webPageType:"WEB_PAGE_TYPE_SEARCH"}}, equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: "><meta name="twitter:image" content="https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj"><meta name="twitter:app:name:iphone" content="YouTube"><meta name="twitter:app:id:iphone" content="544007664"><meta name="twitter:app:name:ipad" content="YouTube"><meta name="twitter:app:id:ipad" content="544007664"><meta name="twitter:app:url:iphone" content="vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta name="twitter:app:url:ipad" content="vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta name="twitter:app:name:googleplay" content="YouTube"><meta name="twitter:app:id:googleplay" content="com.google.android.youtube"><meta name="twitter:app:url:googleplay" content="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><link itemprop="url" href="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta itemprop="name" content="Vision Times News"><meta itemprop="description" content="Bringing you Truth, Inspiration, Hope. equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: "><meta property="al:ios:app_store_id" content="544007664"><meta property="al:ios:app_name" content="YouTube"><meta property="al:ios:url" content="vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta property="al:android:url" content="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks"><meta property="al:android:app_name" content="YouTube"><meta property="al:android:package" content="com.google.android.youtube"><meta property="al:web:url" content="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks"><meta property="og:type" content="profile"><meta property="og:video:tag" content="Vision times"><meta property="og:video:tag" content="China"><meta property="og:video:tag" content="Global News"><meta property="og:video:tag" content="World News"><meta property="og:video:tag" content="Current Issue"><meta property="og:video:tag" content="News"><meta property="og:video:tag" content="Disaster"><meta property="og:video:tag" content="Global Issues"><meta property="fb:app_id" content="87741124305"><meta name="twitter:card" content="summary"><meta name="twitter:site" content="@youtube"><meta name="twitter:url" content="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta name="twitter:title" content="Vision Times News"><meta name="twitter:description" content="Bringing you Truth, Inspiration, Hope. equals www.youtube.com (Youtube)
Source: base[1].js.20.dr	String found in binary or memory: (g.Wm(b,"www.youtube.com"),c=b.toString()):c=Sv(c);b=new uy(c);b.set("cmo=pf","1");d&&b.set("cmo=td","a1.googlevideo.com");return b}; equals www.youtube.com (Youtube)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </a><a class="td-social-sharing-button td-social-sharing-button-js td-social-network td-social-twitter" href="https://twitter.com/intent/tweet?text=Chinese+Scientists+Looked+Into+Weaponizing+Coronaviruses%2C+According+to+Dossier&url=https%3A%2F%2Fwww.visiontimes.com%2F2021%2F05%2F11%2Fchinese-weaponizing-coronavirus.html&via=Vision+Times" title="Twitter"> equals www.twitter.com (Twitter)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: </script><link rel="shortcut icon" href="https://www.youtube.com/s/desktop/1f277c2a/img/favicon.ico" type="image/x-icon"><link rel="icon" href="https://www.youtube.com/s/desktop/1f277c2a/img/favicon_32.png" sizes="32x32"><link rel="icon" href="https://www.youtube.com/s/desktop/1f277c2a/img/favicon_48.png" sizes="48x48"><link rel="icon" href="https://www.youtube.com/s/desktop/1f277c2a/img/favicon_96.png" sizes="96x96"><link rel="icon" href="https://www.youtube.com/s/desktop/1f277c2a/img/favicon_144.png" sizes="144x144"><script nonce="xISKpvuiOBfpVhfcEyXnkA">var ytcsi={gt:function(n){n=(n\|\|"")+"data_";return ytcsi[n]\|\|(ytcsi[n]={tick:{},info:{}})},now:window.performance&&window.performance.timing&&window.performance.now&&window.performance.timing.navigationStart?function(){return window.performance.timing.navigationStart+window.performance.now()}:function(){return(new Date).getTime()},tick:function(l,t,n){var ticks=ytcsi.gt(n).tick;var v=t\|\|ytcsi.now();if(ticks[l]){ticks["_"+l]=ticks["_"+l]\|\|[ticks[l]];ticks["_"+l].push(v)}ticks[l]=v},info:function(k, equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: </script><script nonce="xISKpvuiOBfpVhfcEyXnkA">(function() {var img = new Image().src = "https://i.ytimg.com/generate_204";})();</script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/webcomponents-all-noPatch.vflset/webcomponents-all-noPatch.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/fetch-polyfill.vflset/fetch-polyfill.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script nonce="xISKpvuiOBfpVhfcEyXnkA">if (window.ytcsi) {window.ytcsi.tick('lpcs', null, '');}</script><script nonce="xISKpvuiOBfpVhfcEyXnkA">(function() {window.ytplayer={}; equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: </script><script nonce="xISKpvuiOBfpVhfcEyXnkA">if (window.ytcsi) {window.ytcsi.tick('lpcf', null, '');}</script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/scheduler.vflset/scheduler.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/www-tampering.vflset/www-tampering.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/spf.vflset/spf.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script nonce="xISKpvuiOBfpVhfcEyXnkA">if(window["_spf_state"])window["_spf_state"].config={"assume-all-json-requests-chunked":true}; equals www.youtube.com (Youtube)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social1 tdi_28"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="#" title="Vimeo" class="tdm-social-item"><i class="td-icon-font td-icon-vimeo"></i></a><a href="#" class="tdm-social-text">Vimeo</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div><div id="tdi_29" class="tdc-row"><div class="vc_row tdi_30 wpb_row td-pb-row"> equals www.facebook.com (Facebook)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social1 tdi_28"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="#" title="Vimeo" class="tdm-social-item"><i class="td-icon-font td-icon-vimeo"></i></a><a href="#" class="tdm-social-text">Vimeo</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div><div id="tdi_29" class="tdc-row"><div class="vc_row tdi_30 wpb_row td-pb-row"> equals www.twitter.com (Twitter)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social1 tdi_28"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="#" title="Vimeo" class="tdm-social-item"><i class="td-icon-font td-icon-vimeo"></i></a><a href="#" class="tdm-social-text">Vimeo</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div><div id="tdi_29" class="tdc-row"><div class="vc_row tdi_30 wpb_row td-pb-row"> equals www.youtube.com (Youtube)
Source: hong-kong[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_126"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_127" class="tdc-row stretch_row"><div class="vc_row tdi_128 wpb_row td-pb-row tdc-element-style"> equals www.facebook.com (Facebook)
Source: hong-kong[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_126"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_127" class="tdc-row stretch_row"><div class="vc_row tdi_128 wpb_row td-pb-row tdc-element-style"> equals www.twitter.com (Twitter)
Source: hong-kong[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_126"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_127" class="tdc-row stretch_row"><div class="vc_row tdi_128 wpb_row td-pb-row tdc-element-style"> equals www.youtube.com (Youtube)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_143"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_144" class="tdc-row stretch_row"><div class="vc_row tdi_145 wpb_row td-pb-row tdc-element-style"> equals www.facebook.com (Facebook)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_143"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_144" class="tdc-row stretch_row"><div class="vc_row tdi_145 wpb_row td-pb-row tdc-element-style"> equals www.twitter.com (Twitter)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_143"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_144" class="tdc-row stretch_row"><div class="vc_row tdi_145 wpb_row td-pb-row tdc-element-style"> equals www.youtube.com (Youtube)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: <a target="_blank" href="https://www.youtube.com/c/VisionTimesNews" title="Youtube"> equals www.youtube.com (Youtube)
Source: msapplication.xml7.19.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf7f40688,0x01d756f0</date><accdate>0xf7f40688,0x01d756f0</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.19.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf7f40688,0x01d756f0</date><accdate>0xf7f40688,0x01d756f0</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: <div class="td-post-sharing-visible"><a class="td-social-sharing-button td-social-sharing-button-js td-social-network td-social-facebook" href="https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.visiontimes.com%2F2021%2F05%2F11%2Fchinese-weaponizing-coronavirus.html" title="Facebook"> equals www.facebook.com (Facebook)
Source: base[1].js.20.dr	String found in binary or memory: Nha,Oha);h=this.loaderUrl;var l=void 0===l?!1:l;this.Bj=Jv(Lv(h,Pha,null),h,l,"Trusted Ad Domain URL");this.xa=kD(!1,a.privembed);this.protocol=0===this.Lb.indexOf("http:")?"http":"https";this.Aa=Nv((b?b.customBaseYoutubeUrl:a.BASE_YT_URL)\|\|"")\|\|Nv(this.Lb)\|\|this.protocol+"://www.youtube.com/";l=b?b.eventLabel:a.el;h="detailpage";"adunit"===l?h=this.l?"embedded":"detailpage":"embedded"===l\|\|this.u?h=lD(h,l,Qha):l&&(h="embedded");this.Fa=h;rq();l=null;h=b?b.playerStyle:a.ps;var m=g.gb(rD,h);!h\|\|m&& equals www.youtube.com (Youtube)
Source: base[1].js.20.dr	String found in binary or memory: g.S(this.experiments,"web_player_api_logging_fraction");this.Da=!this.xa;this.enabledEngageTypes=new Set;this.deviceHasDisplay=b?!b.deviceIsAudioOnly:kD(!0,a.deviceHasDisplay);this.dd=mD(this.dd,a.ismb);t=a;g.yC(this.experiments,"html5_qoe_intercept")?t=g.yC(this.experiments,"html5_qoe_intercept"):this.Aj?(t=t.vss_host\|\|"s.youtube.com",this.Z("www_for_videostats")&&"s.youtube.com"===t&&(t=JD(this.Aa)\|\|"www.youtube.com")):t="video.google.com";this.hj=t;KD(this,a,!0);this.V=new RC;g.G(this,this.V); equals www.youtube.com (Youtube)
Source: base[1].js.20.dr	String found in binary or memory: g.TD=function(a){a=JD(a.Aa);return"www.youtube-nocookie.com"===a?"www.youtube.com":a}; equals www.youtube.com (Youtube)
Source: base[1].js.20.dr	String found in binary or memory: g.jE=function(a){var b=g.UD(a);!a.Z("yt_embeds_disable_new_error_lozenge_url")&&Tha.includes(b)&&(b="www.youtube.com");return a.protocol+"://"+b}; equals www.youtube.com (Youtube)
Source: base[1].js.20.dr	String found in binary or memory: tha=function(a,b){if(!a.i["0"]){var c=new cB("0","fakesb",{video:new ZA(0,0,0,void 0,void 0,"auto")});a.i["0"]=b?new kA(new uy("http://www.youtube.com/videoplayback"),c,"fake"):new VA(new uy("http://www.youtube.com/videoplayback"),c,new Rz(0,0),new Rz(0,0))}}; equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: true;else if(stack.indexOf("trapProp")>=0&&stack.indexOf("trapChain")>=0)thirdPartyScript=true;else if(message.indexOf("redefine non-configurable")>=0&&message.indexOf("userAgent")>=0)thirdPartyScript=true;var baseUrl=window["ytcfg"].get("EMERGENCY_BASE_URL","https://www.youtube.com/error_204?t=jserror&level=ERROR");var unsupported=message.indexOf("window.customElements is undefined")>=0;if(thirdPartyScript\|\|unsupported)baseUrl=baseUrl.replace("level=ERROR","level=WARNING");var parts=[baseUrl];for(var key in values){var value= equals www.youtube.com (Youtube)
Source: www-tampering[1].js.20.dr	String found in binary or memory: var H=Object.freeze("document.appendChild document.body.appendChild document.querySelector document.querySelectorAll history.back history.go".split(" ")),I=Object.freeze("fonts.googleapis.com s0.2mdn.net securepubads.g.doubleclick.net ssl.google-analytics.com static.doubleclick.net www.google-analytics.com www.googletagservices.com www.youtube.com youtube.com".split(" ")),J=Object.freeze(["pkedcjkdefgpdelpbcmbmeomcjbeemfm","fjhoaacokmgbjemoflkofnenfaiekifl","enhhojjnijigcajfphajepfemndkmdlo"]),K= equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: var combinedLineAndColumn=err.lineNumber;if(!isNaN(err["columnNumber"]))combinedLineAndColumn+=":"+err["columnNumber"];var stack=err.stack\|\|"";var values={"msg":message,"type":err.name,"client.params":"unhandled window error","file":err.fileName,"line":combinedLineAndColumn,"stack":stack.substr(0,500)};var thirdPartyScript=!err.fileName\|\|err.fileName==="<anonymous>"\|\|stack.indexOf("extension://")>=0;var replaced=stack.replace(/https:\/\/www.youtube.com\//g,"");if(replaced.match(/https?:\/\/[^/]+\//))thirdPartyScript= equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: visiontimes.com

Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0//1.0/
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/ER2$RM
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/S1
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/n1:X
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, VisionTimesNews[1].htm.20.dr	String found in binary or memory: http://schema.org
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: http://schema.org/ImageObject
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: http://schema.org/Person
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: http://schema.org/http://schema.org/YoutubeChannelV2
Source: AcroRd32.exe, 00000003.00000003.821631725.000000000D2C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.adobe.co#3
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/A1
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#J1
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#T1
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#x1
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type##1
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000003.00000002.842459707.000000000B2F8000.00000004.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: msapplication.xml4.19.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml6.19.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.19.dr	String found in binary or memory: http://www.youtube.com/
Source: base[1].js.20.dr	String found in binary or memory: http://www.youtube.com/videoplayback
Source: base[1].js.20.dr	String found in binary or memory: http://youtube.com/drm/2012/10/10
Source: base[1].js.20.dr	String found in binary or memory: http://youtube.com/streaming/metadata/segment/102015
Source: base[1].js.20.dr	String found in binary or memory: http://youtube.com/yt/2012/10/10
Source: AcroRd32.exe, 00000003.00000003.821631725.000000000D2C9000.00000004.00000001.sdmp	String found in binary or memory: https://.OKCancelEdit
Source: AcroRd32.exe, 00000003.00000002.846027852.000000000CD88000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000003.00000002.841476166.000000000B1A2000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000003.00000002.841476166.000000000B1A2000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000003.00000002.841476166.000000000B1A2000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comRL
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://api.w.org/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.js
Source: base[1].js.20.dr	String found in binary or memory: https://docs.google.com/get_video_info
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://es-visiontimes.com/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://findingcourage.vhx.tv/buy?campaign=visiontimes
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://i.ytimg.com/generate_204
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2018/02/1200px-Bowl_with_dragons_phoenixes_gourds_and_characters_for_hap
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2019/12/Departure_Herald-Detail.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2020/11/FC_web-ad_300x250.png
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2020/12/Mike_-Pompeo-696x467.png
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2020/12/carrie-lam-696x403.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/01/1-Plum-Blossom-Taipei-Billy-16-9-696x392.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/01/Kowloon_-Hong-Kong-696x403.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/A-Cherry-Taiwan-theme16-9-696x392.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/GettyImages-1167449297-696x464.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/GettyImages-Grandpa_-Taiwan_-1166633778-scaled-1-696x464.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/IMG_7657-16-9-696x392.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/New-Year-Eve_Dinner-Taiwan-16-9-Featured-696x392.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/USS-McCain_-696x403.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/cks-Memorial-musical-hall-Taipei-16-9-696x392.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/hong-kong-2021-02-22-0915-696x403.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/orchid-1004703_1280-650x380-1.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/tsai-ing-wen-2021-02-19-1114-696x403.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/A-Azalea-Taiwan-University-16-9-324x400.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/A-Yangmingshan-Flower-Festival-Taiwan-16-9-1-696x392.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/Cherry-blossom-Smarcus-Taiwan-Ariel-16-9-696x392.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/IMG_0118-696x452.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/Scott_Perry.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/Taiwan_Coast_Guard_-696x436.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/Taiwan_Coast_Guard_.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/be_kind_to_mother-696x464.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/chinese_phoenix-696x464.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/filial_respect-696x462.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/gold_ingots_fortune-696x464.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/lucky_bamboo-696x701.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/triad_members_attack_protesters-696x426.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/west-kowloon-court-2021-03-16-1238-696x461.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/GettyImages-1230847418-324x400.jpg
Source: americas[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/GettyImages-1231892933.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/PLA-324x400.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/Sun-Simiao-696x467.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/he_received_the_money_but_refused_to_pay_it_back-696x462.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/laozi-buffalo-lao-tzu-mural-vancouver-bc-canada-chinatown-696x42
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/logo720x720-300x300.png
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/pexels-brayden-law-1738997-696x464.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/visiontimes-2021-green-v5-300x99.png
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/35112221571_2ae59790ca_k-324x400.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/35326362040_8b812ebeac_k-696x451.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/5559491159_c7211e640b_k-324x400.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/Apple_-Daily_-founder_-Jimmy-Lai-696x464.png
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1145806285-696x464.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1154785472.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1161107823-324x400.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1229868341-696x464.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1230847418-1068x712.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1231586684-324x400.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1232277182-696x464.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-160772381-696x368.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-72482341-324x400.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/biden-white-house-semiconductor-computer-chips-GettyImages-12322
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/china-ancient-scene-painting_getCollectionImage-1-696x461.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/china-ancient-scene-painting_getCollectionImage-1.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/emperor-wen-of-han_epochtimesSG-674x489-1-324x400.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/maxresdefault-2-696x392.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/maxresdefault-3-324x400.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/maxresdefault-4-696x392.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/min-ziqian_2005-3-11-24xiao-05-696x526.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-1068x695.
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-150x98.jp
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-1536x999.
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-300x195.j
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-600x390.j
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-646x420.j
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-696x453.j
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-768x500.j
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpg
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpg3
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgB&
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgDC
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgalth-w
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgbH
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgd
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgdth
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgic
Source: AcroRd32.exe, 00000003.00000002.839137137.000000000A571000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgn
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgxyIds
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pexels-charles-parker-6647733-1-696x464.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/sanxingdui_nine-bird-tree_GettyImages-1213735045-324x400.jpg
Source: AcroRd32.exe, 00000003.00000002.834624233.0000000009193000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: AcroRd32.exe, 00000003.00000002.834624233.0000000009193000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.comQ
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://m.youtube.com/c/VisionTimesNews
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://m.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://ogp.me/ns#
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://pinterest.com/pin/create/button/?url=https://www.visiontimes.com/2021/05/11/chinese-weaponiz
Source: base[1].js.20.dr	String found in binary or memory: https://redux.js.org/api/store#subscribelistener
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://schema.org
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://schema.org/Article
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://schema.org/ImageObject
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://schema.org/Organization
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://schema.org/Person
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://schema.org/WebPage
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://secure.gravatar.com/avatar/182dd511dd531fcb21ce7dfb5eb6d732?s=160&r=g
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://secure.gravatar.com/avatar/182dd511dd531fcb21ce7dfb5eb6d732?s=192&r=g
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://secure.gravatar.com/avatar/182dd511dd531fcb21ce7dfb5eb6d732?s=80&r=g
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://secure.gravatar.com/avatar/182dd511dd531fcb21ce7dfb5eb6d732?s=96&r=g
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://secure.gravatar.com/avatar/182dd511dd531fcb21ce7dfb5eb6d732?s=96&r=g
Source: ServiceLogin[1].htm.20.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en.OqmNd4Eh2BY.O/am=B2DcsKAABAAAAgAA
Source: base[1].js.20.dr	String found in binary or memory: https://support.google.com/youtube/?p=noaudio
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://thevisiontimes.org
Source: AcroRd32.exe, 00000003.00000002.839137137.000000000A571000.00000004.00000001.sdmp	String found in binary or memory: https://tnews.to/Powerful-Antidote-and-Survives
Source: AcroRd32.exe, 00000003.00000002.839137137.000000000A571000.00000004.00000001.sdmp	String found in binary or memory: https://tnews.to/Reject-the-CCP-from-the-Plague
Source: AcroRd32.exe, 00000003.00000002.839137137.000000000A571000.00000004.00000001.sdmp	String found in binary or memory: https://tnews.to/Ruling-Our-World
Source: AcroRd32.exe, 00000003.00000002.839137137.000000000A571000.00000004.00000001.sdmp	String found in binary or memory: https://tnews.to/endccp.com99
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://twitter.com/intent/tweet?text=Chinese
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/about-us
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/advertise
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/contact-us
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/copyright-policy-and-infringement-notification
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/policies
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/privacy
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/submissions
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimesjp.com/
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: GettyImages-1154785472[1].jpg.20.dr	String found in binary or memory: https://www.gettyimages.com/detail/1154785472?utm_medium=organic&utm_source=google&utm_campa
Source: GettyImages-1229868341[1].jpg.20.dr	String found in binary or memory: https://www.gettyimages.com/detail/1229868341?utm_medium=organic&utm_source=google&utm_campa
Source: base[1].js.20.dr	String found in binary or memory: https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2i
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-194426952-1
Source: AcroRd32.exe, 00000003.00000002.839117005.000000000A54F000.00000004.00000001.sdmp, chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.newindianexpress.com/world/2021/may/10/outright-lies-says-china-on-reports-that-it-probe
Source: AcroRd32.exe, 00000003.00000002.839039400.000000000A4A0000.00000004.00000001.sdmp, chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.nspirement.com/2021/03/24/bioweapons-expert-warns-laboratory-viruses-pose-existential-th
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.secretchina.com/
Source: VisionTimesNews[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/#organization
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/#website
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2020/12/13/hong-kong-leader-says-she-has-piles-of-cash-at-home-after-us-
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2020/12/15/more-sanctions-put-on-chinese-officials-involved-in-draconian
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/01/28/breathtaking-plum-blossoms-in-taiwan.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/01/28/the-government-of-hong-kong-has-lifted-lockdown-restrictions-
Source: AcroRd32.exe, 00000003.00000002.839039400.000000000A4A0000.00000004.00000001.sdmp, chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/01/30/the-world-health-organization-who-has-begun-its-investigation
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/01/hong-kong-national-security-law-fallout-hsbc-brought-before-u
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/07/american-warship-uss-mccain-recently-made-a-routine-transit-t
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/07/pro-beijing-curriculum-targets-hong-kong-schoolchildren-for-r
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/09/the-splendid-floriculture-experiment-center-in-taiwan.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/12/how-do-hong-kongers-celebrate-chinese-new-year-hint-flowers.h
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/16/a-typical-new-year-eve-reunion-dinner-in-taiwan.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/19/a-memorial-that-abounds-with-traditional-chinese-culture-and-
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/20/taiwan-ties-with-us-military-remain-strong-amid-threats-from-
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/23/leaving-hong-kong-to-escape-the-chinese-communist-regime.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/24/a-charming-city-in-southern-taiwan.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/08/the-breathtaking-mingchi-forest-recreation-area-in-taiwan.htm
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/09/thugs-for-hire-the-hong-kong-triads.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/13/magnificent-cherry-blossoms-in-taiwans-mountainous-area.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/17/47-arrested-for-involvement-in-hk-legislative-council-primary
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/19/2021-yangmingshan-flower-festival-in-taiwan.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/22/elderly-man-tricked-a-rich-boy-into-losing-his-fortune.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/25/405244.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/26/learn-how-lucky-bamboo-arrangements-does-bring-positivity-in-
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/26/taiwan-and-us-announce-new-coast-guard-pact.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/27/a-sunbathing-mother.html
Source: AcroRd32.exe, 00000003.00000002.839039400.000000000A4A0000.00000004.00000001.sdmp, chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/28/five-things-to-know-before-getting-a-coronavirus-vaccine.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/29/god-helps-the-people-with-filial-respect.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/31/how-the-chinese-phoenix-got-its-feathers.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/02/2021-taipei-azalea-festival.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/05/perfection-is-in-the-eye-of-the-beholder.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/10/disintegration-of-democracy-with-ccp-controlled-patriot-elect
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/10/honesty-and-sincerity-are-more-important-than-appearance.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/10/if-you-owe-it-you-must-pay-it-back.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/20/political-shifts-cause-increased-migration-from-hong-kong-to-
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/22/warning-china-holds-military-drills-as-biden-delegation-visit
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/26/sun-simiaos-cure-all-nourish-the-mind-and-body-with-virtue.ht
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/27/first-nations-vaccine-adverse-reactions-charles-hoffe.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/28/taiwan-crackdown-ccp-intellectual-property-theft.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/03/hong-kong-crushes-media-lawyers-as-pro-communist-party-establ
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/03/stories-from-the-students-rules-1-at-home-be-dutiful-to-paren
Source: AcroRd32.exe, 00000003.00000002.834725435.000000000924B000.00000004.00000001.sdmp, chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/04/conflict-of-interest-wuhan-lab.html
Source: AcroRd32.exe, 00000003.00000002.834725435.000000000924B000.00000004.00000001.sdmp	String found in binary or memory: https://www.visiontimes.com/2021/05/04/conflict-of-interest-wuhan-lab.htmlh
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/05/good-music-has-miraculous-healing-effects.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/08/communist-china-unlikely-to-succeed-if-it-attempts-to-take-ta
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/10/the-commoner-who-became-a-legendary-chinese-emperor.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html#respond
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html#richSnippet
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html#webpage
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html/feed
Source: AcroRd32.exe, 00000003.00000002.847331631.000000000D140000.00000004.00000001.sdmp	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.htmlX
Source: AcroRd32.exe, 00000003.00000002.847331631.000000000D140000.00000004.00000001.sdmp	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.htmll
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/tsmcs-chairman-founder-express-disapproval-of-moving-manufact
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/12/epoch-times-baseball-bat-attack.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/12/us-business-exodus-hong-kong.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/12/waqa-tabu-ships-fijian-drua.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/17/archaeological-discoveries-at-chinas-sanxingdui-provide-fresh
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/18/jimmy-lai-next-media-asset-freeze.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/18/stories-from-the-students-rules-2-honoring-parents-through-go
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/19/hong-kong-communist-party-infighting.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/22/how-confucius-customized-instruction-to-each-student.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/23/hong-kong-nsl-trial-no-jury.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/27/confucius-business-wisdom-zi-gong.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/30/china-and-americas-fate%ef%bc%9aa-conversation-between-simone
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/30/huawei-spreads-developing-world.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/31/alberta-bans-universities-china.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/31/blm-flag-state-department.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/31/hikvision-thermal-image-us-gov.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/31/indias-new-social-media-law-backlash-from-twitter-and-whatsap
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/31/stories-from-the-students-rules-3-duty-as-a-sibling.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/?p=414146
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/?sccss=1&ver=91a0085bdbdf8c697ca740db1be61b2d
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/about-us
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/advertise
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/author/todd-crawford
Source: AcroRd32.exe, 00000003.00000002.834662545.00000000091CE000.00000004.00000001.sdmp	String found in binary or memory: https://www.visiontimes.com/author/todd-crawfordb
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/archaeology
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/china-insights
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture#webpage
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture/feed
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture/page/2
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture/page/3
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture/page/5
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/hong-kong
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/hong-kong#webpage
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/hong-kong/feed
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/hong-kong/page/2
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan#webpage
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan/feed
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan/page/13
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan/page/2
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan/page/3
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/editors-pick
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/explore
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/explore/places
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/explore/places/explore-earth
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/explore/places/top-tips
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/human-rights-and-wrongs
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/life
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/life/animals-explore
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/life/wellness
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science/environment
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science/mysteries
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science/space
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science/tech
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science/the-web
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/us
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/africa
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/americas
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/americas#webpage
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/americas/feed
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/asia-pacific
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/europe
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/south-asia
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/comments/feed
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/contact-us
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/donate
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/donations
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/feed
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://www.visiontimes.com/hroughViewSpectrumBackground_active
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/policies
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/rss-feeds
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/biological-warfare
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/chinese-communist-party-ccp
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/chinese-peoples-liberation-army
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/coronavirus
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/covid-19-origin
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/pandemic
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/publishpress-authors/src/assets/css/multiple-authors-
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-cloud-library/assets/js/js_files_for_front.min.js?
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-cloud-library/assets/js/js_posts_autoload.min.js?v
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_mai
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?v
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=78be34af34
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-newsletter/style.css?ver=10.4
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-standard-pack/Newspaper/assets/css/td_standard_pac
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/vt-301/public/css/vt-301-public.css?ver=1.0.0
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/vt-301/public/js/vt-301-public.js?ver=1.0.0
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/vt-enhancement/public/css/vt-enhancement-public.css?v
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/vt-enhancement/public/js/vt-enhancement-public.js?ver
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/themes/Newspaper-child/style.css?ver=10.4c
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/themes/Newspaper/style.css?ver=10.4
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/04/cropped-favicon-512x512-1-1-180x180.png
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/04/cropped-favicon-512x512-1-1-192x192.png
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/04/cropped-favicon-512x512-1-1-270x270.png
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/04/cropped-favicon-512x512-1-1-32x32.png
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/05/Apple_-Daily_-founder_-Jimmy-Lai.png
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/05/maxresdefault-2.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/05/pcr-tests_health-workers-mexico_GettyImages-1
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/css/dashicons.min.css?ver=91a0085bdbdf8c697ca740db1be61b2d
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/css/dist/block-library/style.min.css?ver=91a0085bdbdf8c697ca
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/js/comment-reply.min.js?ver=91a0085bdbdf8c697ca740db1be61b2d
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/js/underscore.min.js?ver=1.8.3
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/js/wp-embed.min.js?ver=91a0085bdbdf8c697ca740db1be61b2d
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/wlwmanifest.xml
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.visiontimes.com%2F2021%2F
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/wp/v2/categories/11124
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/wp/v2/categories/28113
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/wp/v2/categories/29670
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/wp/v2/categories/32022
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/wp/v2/posts/414146
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/xmlrpc.php
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/xmlrpc.php?rsd
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.fr/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.it/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.net/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimesjp.com/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/c/VisionTimesNews
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/error_204?t=jserror&level=ERROR
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/feeds/videos.xml?channel_id=UCwjyYoGq87bnV3t1nqSjGNg
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/img/favicon.ico
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/img/favicon_144.png
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/img/favicon_32.png
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/img/favicon_48.png
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/img/favicon_96.png
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/fetch-polyfill.vflset/fetch-polyfill.js
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/scheduler.vflset/scheduler.js
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/spf.vflset/spf.js
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/web-animations-next-lite.min.vflset/web-animations-
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/webcomponents-all-noPatch.vflset/webcomponents-all-
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/www-tampering.vflset/www-tampering.js
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://youtu.be/075u_Hzv_7U
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://youtu.be/ATvHx_pD-PE
Source: base[1].js.20.dr	String found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s200-c-k-c0x00ffffff-no-rj?da
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800

Source: unknown	HTTPS traffic detected: 172.67.73.71:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.73.71:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.0.73.2:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.0.73.2:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.20.22:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.20.22:443 -> 192.168.2.4:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.98:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.98:443 -> 192.168.2.4:49801 version: TLS 1.2

Source: classification engine

Classification label: clean2.winPDF@17/224@10/7

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1970u89_t3kn_5hs.tmp

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: ChineseCoronaviruses53lyqK.pdf	Initial sample: PDF keyword /JS count = 0
Source: ChineseCoronaviruses53lyqK.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: ChineseCoronaviruses53lyqK.pdf

Initial sample: PDF keyword stream count = 36

Source: ChineseCoronaviruses53lyqK.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: AcroRd32.exe, 00000003.00000002.843245398.000000000C52A000.00000004.00000001.sdmp	Binary or memory string: KX$IU"]`ETW<IM,KO.af=qvMci9HN
Source: AcroRd32.exe, 00000003.00000002.847805941.000000000D8BC000.00000004.00000001.sdmp	Binary or memory string: [UZ}t\|WNVMCI/$*0$$YMMxlezng
Source: AcroRd32.exe, 00000003.00000002.847414061.000000000D191000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Code function: 3_2_00B92490 LdrInitializeThunk,

3_2_00B92490

Source: AcroRd32.exe, 00000003.00000002.824539826.00000000057B0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000003.00000002.824539826.00000000057B0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000003.00000002.824539826.00000000057B0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000003.00000002.824539826.00000000057B0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.0.73.2	secure.gravatar.com	United States	2635	AUTOMATTICUS	false
104.26.2.228	img.visiontimes.com	United States	13335	CLOUDFLARENETUS	false
172.217.20.22	i.ytimg.com	United States	15169	GOOGLEUS	false
172.67.73.71	visiontimes.com	United States	13335	CLOUDFLARENETUS	false
80.0.0.0	unknown	United Kingdom	5089	NTLGB	false
172.217.19.98	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1

Contacted Domains

Name	IP	Active
secure.gravatar.com	192.0.73.2	true
img.visiontimes.com	104.26.2.228	true
googleads.g.doubleclick.net	172.217.19.98	true
visiontimes.com	172.67.73.71	true
i.ytimg.com	172.217.20.22	true
www.visiontimes.com	172.67.73.71	true
www.youtube.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.visiontimes.com/c/world/south-asia	false	high
https://www.visiontimes.com/c/china/china-insights	false	high
https://www.visiontimes.com/c/china	false	high
https://www.visiontimes.com/c/china/hong-kong	false	high
https://www.youtube.com/c/VisionTimesNews	false	high

Phishing:

Invalid 'forgot password' link found

Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: Invalid link: Forgot your password? Get help
Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: Invalid link: Forgot your password? Get help

Invalid T&C link found

Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: Invalid link: Forgot your password? Get help
Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: Invalid link: Forgot your password? Get help

Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: No <meta name="author".. found
Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: No <meta name="author".. found

Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: No <meta name="copyright".. found
Source: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 172.67.73.71:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.73.71:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.0.73.2:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.0.73.2:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.20.22:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.20.22:443 -> 192.168.2.4:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.98:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.98:443 -> 192.168.2.4:49801 version: TLS 1.2

Networking:

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 192.0.73.2 192.0.73.2
Source: Joe Sandbox View	IP Address: 192.0.73.2 192.0.73.2

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com","thumbnail":{"thumbnails":[{"url":"https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s200-c-k-c0x00ffffff-no-rj?days_since_epoch=18779","width":200,"height":200}]},"siteName":"YouTube","appName":"YouTube","androidPackage":"com.google.android.youtube","iosAppStoreId":"544007664","iosAppArguments":"https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg","ogType":"yt-fb-app:channel","urlApplinksWeb":"https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks","urlApplinksIos":"vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks","urlApplinksAndroid":"vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks","urlTwitterIos":"vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=twitter-deep-link","urlTwitterAndroid":"vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=twitter-deep-link","twitterCardType":"summary","twitterSiteHandle":"@YouTube","schemaDotOrgType":"http://schema.org/http://schema.org/YoutubeChannelV2","noindex":false,"unlisted":false,"familySafe":true,"tags":["Vision times","China","Global News","World News","Current Issue","News","Disaster","Global Issues"],"availableCountries":["NF","FO","TH","DO","UM","BA","PM","CG","JP","MH","MQ","RO","WS","LS","MO","GG","HN","NI","UG","BS","MR","SV","MN","TC","AX","TV","NA","PW","GB","NO","NZ","HT","AE","BZ","GL","GU","FJ","GQ","TZ","AI","PS","LU","BF","JO","GE","CA","BL","DE","TL","KH","IT","LV","TM","VN","EH","MM","KY","SR","BB","IQ","CF","CI","KR","ST","ES","OM","IL","AR","DZ","LR","PL","UA","MS","IS","KI","AT","GW","TK","WF","ID","SA","NU","BI","GI","ML","KN","NC","VA","BY","NE","MU","KM","BJ","SX","TO","IE","CZ","ZA","MK","GT","IN","PH","CW","KZ","SL","SZ","PN","BE","IO","AD","RU","ZW","SM","VI","LI","KP","AG","PF","CV","FI","MC","YE","CC","MF","PR","PE","BV","GN","BR","HU","AU","IR","UZ","AW","FK","YT","MV","SD","SI","SJ","TD","TG","CM","BT","GS","CK","SH","NP","LT","TJ","HK","NG","MT","SB","AM","BO","CL","MD","BG","IM","FM","MP","GM","VE","EC","SS","HR","KG","GH","HM","GP","BD","PA","AF","RS","AZ","SE","SO","TN","BW","GF","TW","MW","JM","GA","TT","VG","CR","PY","NL","VC","SC","CX","DJ","LC","PK","KW","GD","KE","SK","ET","ME","SY","TF","PT","SN","MX","VU","EE","SG","TR","ER","AL","BH","MG","QA","MY","US","BM","CN","GR","AS","GY","LY","LB","LK","DM","MA","CO","RW","NR","ZM","DK","CY","PG","CU","UY","EG","CH","MZ","CD","JE","BN","AO","BQ","FR","LA","RE","AQ"],"linkAlternates":[{"hrefUrl":"https://m.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"},{"hrefUrl":"android-app://com.google.android.youtube/http/youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"},{"hrefUrl":"ios-app://544007664/http/youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"}]}}};</script><link rel="canonical" href="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><link rel="alternate" media="handheld" href="https://m.youtube.com/c/VisionTimesNews"><link rel="alternate" media="
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com"><meta name="keywords" content=""Vision times" China "Global News" "World News" "Current Issue" News Disaster "Global Issues""><link rel="alternate" type="application/rss+xml" title="RSS" href="https://www.youtube.com/feeds/videos.xml?channel_id=UCwjyYoGq87bnV3t1nqSjGNg"><meta property="og:title" content="Vision Times News"><link rel="image_src" href="https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj"><meta property="og:site_name" content="YouTube"><meta property="og:url" content="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta property="og:image" content="https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj"><meta property="og:image:width" content="900"><meta property="og:image:height" content="900"><meta property="og:description" content="Bringing you Truth, Inspiration, Hope. equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: "><meta itemprop="paid" content="false"><meta itemprop="channelId" content="UCwjyYoGq87bnV3t1nqSjGNg"><span itemprop="author" itemscope itemtype="http://schema.org/Person"><link itemprop="url" href="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><link itemprop="name" content="Vision Times News"></span><script type="application/ld+json" nonce="xISKpvuiOBfpVhfcEyXnkA">{"@context": "http://schema.org", "@type": "BreadcrumbList", "itemListElement": [{"@type": "ListItem", "position": 1, "item": {"@id": "https:\/\/www.youtube.com\/channel\/UCwjyYoGq87bnV3t1nqSjGNg", "name": "Vision Times News"}}]}</script><link itemprop="thumbnailUrl" href="https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj"><span itemprop="thumbnail" itemscope itemtype="http://schema.org/ImageObject"><link itemprop="url" href="https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj"><meta itemprop="width" content="900"><meta itemprop="height" content="900"></span><meta itemprop="isFamilyFriendly" content="true"><meta itemprop="regionsAllowed" content="NF,FO,TH,DO,UM,BA,PM,CG,JP,MH,MQ,RO,WS,LS,MO,GG,HN,NI,UG,BS,MR,SV,MN,TC,AX,TV,NA,PW,GB,NO,NZ,HT,AE,BZ,GL,GU,FJ,GQ,TZ,AI,PS,LU,BF,JO,GE,CA,BL,DE,TL,KH,IT,LV,TM,VN,EH,MM,KY,SR,BB,IQ,CF,CI,KR,ST,ES,OM,IL,AR,DZ,LR,PL,UA,MS,IS,KI,AT,GW,TK,WF,ID,SA,NU,BI,GI,ML,KN,NC,VA,BY,NE,MU,KM,BJ,SX,TO,IE,CZ,ZA,MK,GT,IN,PH,CW,KZ,SL,SZ,PN,BE,IO,AD,RU,ZW,SM,VI,LI,KP,AG,PF,CV,FI,MC,YE,CC,MF,PR,PE,BV,GN,BR,HU,AU,IR,UZ,AW,FK,YT,MV,SD,SI,SJ,TD,TG,CM,BT,GS,CK,SH,NP,LT,TJ,HK,NG,MT,SB,AM,BO,CL,MD,BG,IM,FM,MP,GM,VE,EC,SS,HR,KG,GH,HM,GP,BD,PA,AF,RS,AZ,SE,SO,TN,BW,GF,TW,MW,JM,GA,TT,VG,CR,PY,NL,VC,SC,CX,DJ,LC,PK,KW,GD,KE,SK,ET,ME,SY,TF,PT,SN,MX,VU,EE,SG,TR,ER,AL,BH,MG,QA,MY,US,BM,CN,GR,AS,GY,LY,LB,LK,DM,MA,CO,RW,NR,ZM,DK,CY,PG,CU,UY,EG,CH,MZ,CD,JE,BN,AO,BQ,FR,LA,RE,AQ"><link rel="alternate" href="android-app://com.google.android.youtube/http/www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><link rel="alternate" href="ios-app://544007664/vnd.youtube/www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><script nonce="xISKpvuiOBfpVhfcEyXnkA">if (window.ytcsi) {window.ytcsi.tick('pdr', null, '');}</script><script nonce="xISKpvuiOBfpVhfcEyXnkA">(function() {var setFiller = function() { var fillerData={browse:{filler:true,page:"browse"},home:{filler:true,page:"home",endpoint:{commandMetadata:{webCommandMetadata:{url:"/",webPageType:"WEB_PAGE_TYPE_BROWSE"}},urlEndpoint:{url:"/"}},response:{contents:{twoColumnBrowseResultsRenderer:{tabs:[{tabRenderer:{selected:true,content:{richGridRenderer:{contents:[],continuations:[{nextContinuationData:{continuation:""}}]}}}}]}}}},search:{filler:true,page:"search",endpoint:{commandMetadata:{webCommandMetadata:{url:"/results",webPageType:"WEB_PAGE_TYPE_SEARCH"}}, equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: "><meta name="twitter:image" content="https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj"><meta name="twitter:app:name:iphone" content="YouTube"><meta name="twitter:app:id:iphone" content="544007664"><meta name="twitter:app:name:ipad" content="YouTube"><meta name="twitter:app:id:ipad" content="544007664"><meta name="twitter:app:url:iphone" content="vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta name="twitter:app:url:ipad" content="vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta name="twitter:app:name:googleplay" content="YouTube"><meta name="twitter:app:id:googleplay" content="com.google.android.youtube"><meta name="twitter:app:url:googleplay" content="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><link itemprop="url" href="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta itemprop="name" content="Vision Times News"><meta itemprop="description" content="Bringing you Truth, Inspiration, Hope. equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: "><meta property="al:ios:app_store_id" content="544007664"><meta property="al:ios:app_name" content="YouTube"><meta property="al:ios:url" content="vnd.youtube://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta property="al:android:url" content="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks"><meta property="al:android:app_name" content="YouTube"><meta property="al:android:package" content="com.google.android.youtube"><meta property="al:web:url" content="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks"><meta property="og:type" content="profile"><meta property="og:video:tag" content="Vision times"><meta property="og:video:tag" content="China"><meta property="og:video:tag" content="Global News"><meta property="og:video:tag" content="World News"><meta property="og:video:tag" content="Current Issue"><meta property="og:video:tag" content="News"><meta property="og:video:tag" content="Disaster"><meta property="og:video:tag" content="Global Issues"><meta property="fb:app_id" content="87741124305"><meta name="twitter:card" content="summary"><meta name="twitter:site" content="@youtube"><meta name="twitter:url" content="https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg"><meta name="twitter:title" content="Vision Times News"><meta name="twitter:description" content="Bringing you Truth, Inspiration, Hope. equals www.youtube.com (Youtube)
Source: base[1].js.20.dr	String found in binary or memory: (g.Wm(b,"www.youtube.com"),c=b.toString()):c=Sv(c);b=new uy(c);b.set("cmo=pf","1");d&&b.set("cmo=td","a1.googlevideo.com");return b}; equals www.youtube.com (Youtube)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </a><a class="td-social-sharing-button td-social-sharing-button-js td-social-network td-social-twitter" href="https://twitter.com/intent/tweet?text=Chinese+Scientists+Looked+Into+Weaponizing+Coronaviruses%2C+According+to+Dossier&url=https%3A%2F%2Fwww.visiontimes.com%2F2021%2F05%2F11%2Fchinese-weaponizing-coronavirus.html&via=Vision+Times" title="Twitter"> equals www.twitter.com (Twitter)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: </script><link rel="shortcut icon" href="https://www.youtube.com/s/desktop/1f277c2a/img/favicon.ico" type="image/x-icon"><link rel="icon" href="https://www.youtube.com/s/desktop/1f277c2a/img/favicon_32.png" sizes="32x32"><link rel="icon" href="https://www.youtube.com/s/desktop/1f277c2a/img/favicon_48.png" sizes="48x48"><link rel="icon" href="https://www.youtube.com/s/desktop/1f277c2a/img/favicon_96.png" sizes="96x96"><link rel="icon" href="https://www.youtube.com/s/desktop/1f277c2a/img/favicon_144.png" sizes="144x144"><script nonce="xISKpvuiOBfpVhfcEyXnkA">var ytcsi={gt:function(n){n=(n\|\|"")+"data_";return ytcsi[n]\|\|(ytcsi[n]={tick:{},info:{}})},now:window.performance&&window.performance.timing&&window.performance.now&&window.performance.timing.navigationStart?function(){return window.performance.timing.navigationStart+window.performance.now()}:function(){return(new Date).getTime()},tick:function(l,t,n){var ticks=ytcsi.gt(n).tick;var v=t\|\|ytcsi.now();if(ticks[l]){ticks["_"+l]=ticks["_"+l]\|\|[ticks[l]];ticks["_"+l].push(v)}ticks[l]=v},info:function(k, equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: </script><script nonce="xISKpvuiOBfpVhfcEyXnkA">(function() {var img = new Image().src = "https://i.ytimg.com/generate_204";})();</script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/webcomponents-all-noPatch.vflset/webcomponents-all-noPatch.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/fetch-polyfill.vflset/fetch-polyfill.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script nonce="xISKpvuiOBfpVhfcEyXnkA">if (window.ytcsi) {window.ytcsi.tick('lpcs', null, '');}</script><script nonce="xISKpvuiOBfpVhfcEyXnkA">(function() {window.ytplayer={}; equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: </script><script nonce="xISKpvuiOBfpVhfcEyXnkA">if (window.ytcsi) {window.ytcsi.tick('lpcf', null, '');}</script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/scheduler.vflset/scheduler.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/www-tampering.vflset/www-tampering.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script src="https://www.youtube.com/s/desktop/1f277c2a/jsbin/spf.vflset/spf.js" nonce="xISKpvuiOBfpVhfcEyXnkA"></script><script nonce="xISKpvuiOBfpVhfcEyXnkA">if(window["_spf_state"])window["_spf_state"].config={"assume-all-json-requests-chunked":true}; equals www.youtube.com (Youtube)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social1 tdi_28"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="#" title="Vimeo" class="tdm-social-item"><i class="td-icon-font td-icon-vimeo"></i></a><a href="#" class="tdm-social-text">Vimeo</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div><div id="tdi_29" class="tdc-row"><div class="vc_row tdi_30 wpb_row td-pb-row"> equals www.facebook.com (Facebook)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social1 tdi_28"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="#" title="Vimeo" class="tdm-social-item"><i class="td-icon-font td-icon-vimeo"></i></a><a href="#" class="tdm-social-text">Vimeo</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div><div id="tdi_29" class="tdc-row"><div class="vc_row tdi_30 wpb_row td-pb-row"> equals www.twitter.com (Twitter)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social1 tdi_28"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="#" title="Vimeo" class="tdm-social-item"><i class="td-icon-font td-icon-vimeo"></i></a><a href="#" class="tdm-social-text">Vimeo</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div><div id="tdi_29" class="tdc-row"><div class="vc_row tdi_30 wpb_row td-pb-row"> equals www.youtube.com (Youtube)
Source: hong-kong[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_126"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_127" class="tdc-row stretch_row"><div class="vc_row tdi_128 wpb_row td-pb-row tdc-element-style"> equals www.facebook.com (Facebook)
Source: hong-kong[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_126"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_127" class="tdc-row stretch_row"><div class="vc_row tdi_128 wpb_row td-pb-row tdc-element-style"> equals www.twitter.com (Twitter)
Source: hong-kong[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_126"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_127" class="tdc-row stretch_row"><div class="vc_row tdi_128 wpb_row td-pb-row tdc-element-style"> equals www.youtube.com (Youtube)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_143"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_144" class="tdc-row stretch_row"><div class="vc_row tdi_145 wpb_row td-pb-row tdc-element-style"> equals www.facebook.com (Facebook)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_143"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_144" class="tdc-row stretch_row"><div class="vc_row tdi_145 wpb_row td-pb-row tdc-element-style"> equals www.twitter.com (Twitter)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: </style><div class="tdm-social-wrapper tds-social4 tdi_143"><div class="tdm-social-item-wrap"><a href="https://www.facebook.com/Vision-Times-109244641311153" title="Facebook" class="tdm-social-item"><i class="td-icon-font td-icon-facebook"></i></a><a href="https://www.facebook.com/Vision-Times-109244641311153" class="tdm-social-text">Facebook</a></div><div class="tdm-social-item-wrap"><a href="#" title="Instagram" class="tdm-social-item"><i class="td-icon-font td-icon-instagram"></i></a><a href="#" class="tdm-social-text">Instagram</a></div><div class="tdm-social-item-wrap"><a href="#" title="Pinterest" class="tdm-social-item"><i class="td-icon-font td-icon-pinterest"></i></a><a href="#" class="tdm-social-text">Pinterest</a></div><div class="tdm-social-item-wrap"><a href="#" title="Reddit" class="tdm-social-item"><i class="td-icon-font td-icon-reddit"></i></a><a href="#" class="tdm-social-text">Reddit</a></div><div class="tdm-social-item-wrap"><a href="https://twitter.com/times_vision" title="Twitter" class="tdm-social-item"><i class="td-icon-font td-icon-twitter"></i></a><a href="https://twitter.com/times_vision" class="tdm-social-text">Twitter</a></div><div class="tdm-social-item-wrap"><a href="https://www.youtube.com/c/VisionTimesNews" title="Youtube" class="tdm-social-item"><i class="td-icon-font td-icon-youtube"></i></a><a href="https://www.youtube.com/c/VisionTimesNews" class="tdm-social-text">Youtube</a></div></div></div></div></div></div></div></div></div></div></div><div id="tdi_144" class="tdc-row stretch_row"><div class="vc_row tdi_145 wpb_row td-pb-row tdc-element-style"> equals www.youtube.com (Youtube)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: <a target="_blank" href="https://www.youtube.com/c/VisionTimesNews" title="Youtube"> equals www.youtube.com (Youtube)
Source: msapplication.xml7.19.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf7f40688,0x01d756f0</date><accdate>0xf7f40688,0x01d756f0</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.19.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf7f40688,0x01d756f0</date><accdate>0xf7f40688,0x01d756f0</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: <div class="td-post-sharing-visible"><a class="td-social-sharing-button td-social-sharing-button-js td-social-network td-social-facebook" href="https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.visiontimes.com%2F2021%2F05%2F11%2Fchinese-weaponizing-coronavirus.html" title="Facebook"> equals www.facebook.com (Facebook)
Source: base[1].js.20.dr	String found in binary or memory: Nha,Oha);h=this.loaderUrl;var l=void 0===l?!1:l;this.Bj=Jv(Lv(h,Pha,null),h,l,"Trusted Ad Domain URL");this.xa=kD(!1,a.privembed);this.protocol=0===this.Lb.indexOf("http:")?"http":"https";this.Aa=Nv((b?b.customBaseYoutubeUrl:a.BASE_YT_URL)\|\|"")\|\|Nv(this.Lb)\|\|this.protocol+"://www.youtube.com/";l=b?b.eventLabel:a.el;h="detailpage";"adunit"===l?h=this.l?"embedded":"detailpage":"embedded"===l\|\|this.u?h=lD(h,l,Qha):l&&(h="embedded");this.Fa=h;rq();l=null;h=b?b.playerStyle:a.ps;var m=g.gb(rD,h);!h\|\|m&& equals www.youtube.com (Youtube)
Source: base[1].js.20.dr	String found in binary or memory: g.S(this.experiments,"web_player_api_logging_fraction");this.Da=!this.xa;this.enabledEngageTypes=new Set;this.deviceHasDisplay=b?!b.deviceIsAudioOnly:kD(!0,a.deviceHasDisplay);this.dd=mD(this.dd,a.ismb);t=a;g.yC(this.experiments,"html5_qoe_intercept")?t=g.yC(this.experiments,"html5_qoe_intercept"):this.Aj?(t=t.vss_host\|\|"s.youtube.com",this.Z("www_for_videostats")&&"s.youtube.com"===t&&(t=JD(this.Aa)\|\|"www.youtube.com")):t="video.google.com";this.hj=t;KD(this,a,!0);this.V=new RC;g.G(this,this.V); equals www.youtube.com (Youtube)
Source: base[1].js.20.dr	String found in binary or memory: g.TD=function(a){a=JD(a.Aa);return"www.youtube-nocookie.com"===a?"www.youtube.com":a}; equals www.youtube.com (Youtube)
Source: base[1].js.20.dr	String found in binary or memory: g.jE=function(a){var b=g.UD(a);!a.Z("yt_embeds_disable_new_error_lozenge_url")&&Tha.includes(b)&&(b="www.youtube.com");return a.protocol+"://"+b}; equals www.youtube.com (Youtube)
Source: base[1].js.20.dr	String found in binary or memory: tha=function(a,b){if(!a.i["0"]){var c=new cB("0","fakesb",{video:new ZA(0,0,0,void 0,void 0,"auto")});a.i["0"]=b?new kA(new uy("http://www.youtube.com/videoplayback"),c,"fake"):new VA(new uy("http://www.youtube.com/videoplayback"),c,new Rz(0,0),new Rz(0,0))}}; equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: true;else if(stack.indexOf("trapProp")>=0&&stack.indexOf("trapChain")>=0)thirdPartyScript=true;else if(message.indexOf("redefine non-configurable")>=0&&message.indexOf("userAgent")>=0)thirdPartyScript=true;var baseUrl=window["ytcfg"].get("EMERGENCY_BASE_URL","https://www.youtube.com/error_204?t=jserror&level=ERROR");var unsupported=message.indexOf("window.customElements is undefined")>=0;if(thirdPartyScript\|\|unsupported)baseUrl=baseUrl.replace("level=ERROR","level=WARNING");var parts=[baseUrl];for(var key in values){var value= equals www.youtube.com (Youtube)
Source: www-tampering[1].js.20.dr	String found in binary or memory: var H=Object.freeze("document.appendChild document.body.appendChild document.querySelector document.querySelectorAll history.back history.go".split(" ")),I=Object.freeze("fonts.googleapis.com s0.2mdn.net securepubads.g.doubleclick.net ssl.google-analytics.com static.doubleclick.net www.google-analytics.com www.googletagservices.com www.youtube.com youtube.com".split(" ")),J=Object.freeze(["pkedcjkdefgpdelpbcmbmeomcjbeemfm","fjhoaacokmgbjemoflkofnenfaiekifl","enhhojjnijigcajfphajepfemndkmdlo"]),K= equals www.youtube.com (Youtube)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: var combinedLineAndColumn=err.lineNumber;if(!isNaN(err["columnNumber"]))combinedLineAndColumn+=":"+err["columnNumber"];var stack=err.stack\|\|"";var values={"msg":message,"type":err.name,"client.params":"unhandled window error","file":err.fileName,"line":combinedLineAndColumn,"stack":stack.substr(0,500)};var thirdPartyScript=!err.fileName\|\|err.fileName==="<anonymous>"\|\|stack.indexOf("extension://")>=0;var replaced=stack.replace(/https:\/\/www.youtube.com\//g,"");if(replaced.match(/https?:\/\/[^/]+\//))thirdPartyScript= equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: visiontimes.com

Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0//1.0/
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/ER2$RM
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/S1
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/n1:X
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, VisionTimesNews[1].htm.20.dr	String found in binary or memory: http://schema.org
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: http://schema.org/ImageObject
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: http://schema.org/Person
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: http://schema.org/http://schema.org/YoutubeChannelV2
Source: AcroRd32.exe, 00000003.00000003.821631725.000000000D2C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.adobe.co#3
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/A1
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#J1
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#T1
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#x1
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000003.00000002.843542232.000000000C786000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type##1
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: AcroRd32.exe, 00000003.00000002.847384068.000000000D16D000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000003.00000002.826177203.00000000079C0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000003.00000002.842459707.000000000B2F8000.00000004.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: msapplication.xml4.19.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml6.19.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.19.dr	String found in binary or memory: http://www.youtube.com/
Source: base[1].js.20.dr	String found in binary or memory: http://www.youtube.com/videoplayback
Source: base[1].js.20.dr	String found in binary or memory: http://youtube.com/drm/2012/10/10
Source: base[1].js.20.dr	String found in binary or memory: http://youtube.com/streaming/metadata/segment/102015
Source: base[1].js.20.dr	String found in binary or memory: http://youtube.com/yt/2012/10/10
Source: AcroRd32.exe, 00000003.00000003.821631725.000000000D2C9000.00000004.00000001.sdmp	String found in binary or memory: https://.OKCancelEdit
Source: AcroRd32.exe, 00000003.00000002.846027852.000000000CD88000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000003.00000002.841476166.000000000B1A2000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000003.00000002.841476166.000000000B1A2000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000003.00000002.841476166.000000000B1A2000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comRL
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://api.w.org/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.js
Source: base[1].js.20.dr	String found in binary or memory: https://docs.google.com/get_video_info
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://es-visiontimes.com/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://findingcourage.vhx.tv/buy?campaign=visiontimes
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[2].css.20.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://i.ytimg.com/generate_204
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2018/02/1200px-Bowl_with_dragons_phoenixes_gourds_and_characters_for_hap
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2019/12/Departure_Herald-Detail.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2020/11/FC_web-ad_300x250.png
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2020/12/Mike_-Pompeo-696x467.png
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2020/12/carrie-lam-696x403.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/01/1-Plum-Blossom-Taipei-Billy-16-9-696x392.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/01/Kowloon_-Hong-Kong-696x403.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/A-Cherry-Taiwan-theme16-9-696x392.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/GettyImages-1167449297-696x464.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/GettyImages-Grandpa_-Taiwan_-1166633778-scaled-1-696x464.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/IMG_7657-16-9-696x392.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/New-Year-Eve_Dinner-Taiwan-16-9-Featured-696x392.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/USS-McCain_-696x403.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/cks-Memorial-musical-hall-Taipei-16-9-696x392.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/hong-kong-2021-02-22-0915-696x403.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/orchid-1004703_1280-650x380-1.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/02/tsai-ing-wen-2021-02-19-1114-696x403.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/A-Azalea-Taiwan-University-16-9-324x400.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/A-Yangmingshan-Flower-Festival-Taiwan-16-9-1-696x392.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/Cherry-blossom-Smarcus-Taiwan-Ariel-16-9-696x392.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/IMG_0118-696x452.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/Scott_Perry.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/Taiwan_Coast_Guard_-696x436.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/Taiwan_Coast_Guard_.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/be_kind_to_mother-696x464.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/chinese_phoenix-696x464.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/filial_respect-696x462.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/gold_ingots_fortune-696x464.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/lucky_bamboo-696x701.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/triad_members_attack_protesters-696x426.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/03/west-kowloon-court-2021-03-16-1238-696x461.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/GettyImages-1230847418-324x400.jpg
Source: americas[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/GettyImages-1231892933.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/PLA-324x400.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/Sun-Simiao-696x467.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/he_received_the_money_but_refused_to_pay_it_back-696x462.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/laozi-buffalo-lao-tzu-mural-vancouver-bc-canada-chinatown-696x42
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/logo720x720-300x300.png
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/pexels-brayden-law-1738997-696x464.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/04/visiontimes-2021-green-v5-300x99.png
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/35112221571_2ae59790ca_k-324x400.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/35326362040_8b812ebeac_k-696x451.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/5559491159_c7211e640b_k-324x400.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/Apple_-Daily_-founder_-Jimmy-Lai-696x464.png
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1145806285-696x464.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1154785472.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1161107823-324x400.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1229868341-696x464.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1230847418-1068x712.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1231586684-324x400.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-1232277182-696x464.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-160772381-696x368.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/GettyImages-72482341-324x400.jpg
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/biden-white-house-semiconductor-computer-chips-GettyImages-12322
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/china-ancient-scene-painting_getCollectionImage-1-696x461.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/china-ancient-scene-painting_getCollectionImage-1.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/emperor-wen-of-han_epochtimesSG-674x489-1-324x400.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/maxresdefault-2-696x392.jpg
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/maxresdefault-3-324x400.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/maxresdefault-4-696x392.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/min-ziqian_2005-3-11-24xiao-05-696x526.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-1068x695.
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-150x98.jp
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-1536x999.
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-300x195.j
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-600x390.j
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-646x420.j
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-696x453.j
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128-768x500.j
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpg
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpg3
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgB&
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgDC
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgalth-w
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgbH
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgd
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgdth
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgic
Source: AcroRd32.exe, 00000003.00000002.839137137.000000000A571000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgn
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://img.visiontimes.com/2021/05/pcr-tests_health-workers-mexico_GettyImages-1232310128.jpgxyIds
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/pexels-charles-parker-6647733-1-696x464.jpg
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://img.visiontimes.com/2021/05/sanxingdui_nine-bird-tree_GettyImages-1213735045-324x400.jpg
Source: AcroRd32.exe, 00000003.00000002.834624233.0000000009193000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: AcroRd32.exe, 00000003.00000002.834624233.0000000009193000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.comQ
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://m.youtube.com/c/VisionTimesNews
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://m.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://ogp.me/ns#
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://pinterest.com/pin/create/button/?url=https://www.visiontimes.com/2021/05/11/chinese-weaponiz
Source: base[1].js.20.dr	String found in binary or memory: https://redux.js.org/api/store#subscribelistener
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://schema.org
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://schema.org/Article
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://schema.org/ImageObject
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://schema.org/Organization
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://schema.org/Person
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://schema.org/WebPage
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://secure.gravatar.com/avatar/182dd511dd531fcb21ce7dfb5eb6d732?s=160&r=g
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://secure.gravatar.com/avatar/182dd511dd531fcb21ce7dfb5eb6d732?s=192&r=g
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://secure.gravatar.com/avatar/182dd511dd531fcb21ce7dfb5eb6d732?s=80&r=g
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://secure.gravatar.com/avatar/182dd511dd531fcb21ce7dfb5eb6d732?s=96&r=g
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://secure.gravatar.com/avatar/182dd511dd531fcb21ce7dfb5eb6d732?s=96&r=g
Source: ServiceLogin[1].htm.20.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en.OqmNd4Eh2BY.O/am=B2DcsKAABAAAAgAA
Source: base[1].js.20.dr	String found in binary or memory: https://support.google.com/youtube/?p=noaudio
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://thevisiontimes.org
Source: AcroRd32.exe, 00000003.00000002.839137137.000000000A571000.00000004.00000001.sdmp	String found in binary or memory: https://tnews.to/Powerful-Antidote-and-Survives
Source: AcroRd32.exe, 00000003.00000002.839137137.000000000A571000.00000004.00000001.sdmp	String found in binary or memory: https://tnews.to/Reject-the-CCP-from-the-Plague
Source: AcroRd32.exe, 00000003.00000002.839137137.000000000A571000.00000004.00000001.sdmp	String found in binary or memory: https://tnews.to/Ruling-Our-World
Source: AcroRd32.exe, 00000003.00000002.839137137.000000000A571000.00000004.00000001.sdmp	String found in binary or memory: https://tnews.to/endccp.com99
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://twitter.com/intent/tweet?text=Chinese
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/about-us
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/advertise
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/contact-us
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/copyright-policy-and-infringement-notification
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/policies
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/privacy
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimes.com/submissions
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://visiontimesjp.com/
Source: AcroRd32.exe, 00000003.00000002.834395529.000000000887D000.00000002.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: GettyImages-1154785472[1].jpg.20.dr	String found in binary or memory: https://www.gettyimages.com/detail/1154785472?utm_medium=organic&utm_source=google&utm_campa
Source: GettyImages-1229868341[1].jpg.20.dr	String found in binary or memory: https://www.gettyimages.com/detail/1229868341?utm_medium=organic&utm_source=google&utm_campa
Source: base[1].js.20.dr	String found in binary or memory: https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2i
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-194426952-1
Source: AcroRd32.exe, 00000003.00000002.839117005.000000000A54F000.00000004.00000001.sdmp, chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.newindianexpress.com/world/2021/may/10/outright-lies-says-china-on-reports-that-it-probe
Source: AcroRd32.exe, 00000003.00000002.839039400.000000000A4A0000.00000004.00000001.sdmp, chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.nspirement.com/2021/03/24/bioweapons-expert-warns-laboratory-viruses-pose-existential-th
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.secretchina.com/
Source: VisionTimesNews[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/#organization
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/#website
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2020/12/13/hong-kong-leader-says-she-has-piles-of-cash-at-home-after-us-
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2020/12/15/more-sanctions-put-on-chinese-officials-involved-in-draconian
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/01/28/breathtaking-plum-blossoms-in-taiwan.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/01/28/the-government-of-hong-kong-has-lifted-lockdown-restrictions-
Source: AcroRd32.exe, 00000003.00000002.839039400.000000000A4A0000.00000004.00000001.sdmp, chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/01/30/the-world-health-organization-who-has-begun-its-investigation
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/01/hong-kong-national-security-law-fallout-hsbc-brought-before-u
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/07/american-warship-uss-mccain-recently-made-a-routine-transit-t
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/07/pro-beijing-curriculum-targets-hong-kong-schoolchildren-for-r
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/09/the-splendid-floriculture-experiment-center-in-taiwan.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/12/how-do-hong-kongers-celebrate-chinese-new-year-hint-flowers.h
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/16/a-typical-new-year-eve-reunion-dinner-in-taiwan.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/19/a-memorial-that-abounds-with-traditional-chinese-culture-and-
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/20/taiwan-ties-with-us-military-remain-strong-amid-threats-from-
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/23/leaving-hong-kong-to-escape-the-chinese-communist-regime.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/02/24/a-charming-city-in-southern-taiwan.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/08/the-breathtaking-mingchi-forest-recreation-area-in-taiwan.htm
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/09/thugs-for-hire-the-hong-kong-triads.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/13/magnificent-cherry-blossoms-in-taiwans-mountainous-area.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/17/47-arrested-for-involvement-in-hk-legislative-council-primary
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/19/2021-yangmingshan-flower-festival-in-taiwan.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/22/elderly-man-tricked-a-rich-boy-into-losing-his-fortune.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/25/405244.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/26/learn-how-lucky-bamboo-arrangements-does-bring-positivity-in-
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/26/taiwan-and-us-announce-new-coast-guard-pact.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/27/a-sunbathing-mother.html
Source: AcroRd32.exe, 00000003.00000002.839039400.000000000A4A0000.00000004.00000001.sdmp, chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/28/five-things-to-know-before-getting-a-coronavirus-vaccine.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/29/god-helps-the-people-with-filial-respect.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/03/31/how-the-chinese-phoenix-got-its-feathers.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/02/2021-taipei-azalea-festival.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/05/perfection-is-in-the-eye-of-the-beholder.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/10/disintegration-of-democracy-with-ccp-controlled-patriot-elect
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/10/honesty-and-sincerity-are-more-important-than-appearance.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/10/if-you-owe-it-you-must-pay-it-back.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/20/political-shifts-cause-increased-migration-from-hong-kong-to-
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/22/warning-china-holds-military-drills-as-biden-delegation-visit
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/26/sun-simiaos-cure-all-nourish-the-mind-and-body-with-virtue.ht
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/27/first-nations-vaccine-adverse-reactions-charles-hoffe.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/04/28/taiwan-crackdown-ccp-intellectual-property-theft.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/03/hong-kong-crushes-media-lawyers-as-pro-communist-party-establ
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/03/stories-from-the-students-rules-1-at-home-be-dutiful-to-paren
Source: AcroRd32.exe, 00000003.00000002.834725435.000000000924B000.00000004.00000001.sdmp, chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/04/conflict-of-interest-wuhan-lab.html
Source: AcroRd32.exe, 00000003.00000002.834725435.000000000924B000.00000004.00000001.sdmp	String found in binary or memory: https://www.visiontimes.com/2021/05/04/conflict-of-interest-wuhan-lab.htmlh
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/05/good-music-has-miraculous-healing-effects.html
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/08/communist-china-unlikely-to-succeed-if-it-attempts-to-take-ta
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/10/the-commoner-who-became-a-legendary-chinese-emperor.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html#respond
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html#richSnippet
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html#webpage
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html/feed
Source: AcroRd32.exe, 00000003.00000002.847331631.000000000D140000.00000004.00000001.sdmp	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.htmlX
Source: AcroRd32.exe, 00000003.00000002.847331631.000000000D140000.00000004.00000001.sdmp	String found in binary or memory: https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.htmll
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/11/tsmcs-chairman-founder-express-disapproval-of-moving-manufact
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/12/epoch-times-baseball-bat-attack.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/12/us-business-exodus-hong-kong.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/12/waqa-tabu-ships-fijian-drua.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/17/archaeological-discoveries-at-chinas-sanxingdui-provide-fresh
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/18/jimmy-lai-next-media-asset-freeze.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/18/stories-from-the-students-rules-2-honoring-parents-through-go
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/19/hong-kong-communist-party-infighting.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/22/how-confucius-customized-instruction-to-each-student.html
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/23/hong-kong-nsl-trial-no-jury.html
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/27/confucius-business-wisdom-zi-gong.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/30/china-and-americas-fate%ef%bc%9aa-conversation-between-simone
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/30/huawei-spreads-developing-world.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/31/alberta-bans-universities-china.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/31/blm-flag-state-department.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/31/hikvision-thermal-image-us-gov.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/31/indias-new-social-media-law-backlash-from-twitter-and-whatsap
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/2021/05/31/stories-from-the-students-rules-3-duty-as-a-sibling.html
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/?p=414146
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/?sccss=1&ver=91a0085bdbdf8c697ca740db1be61b2d
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/about-us
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/advertise
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/author/todd-crawford
Source: AcroRd32.exe, 00000003.00000002.834662545.00000000091CE000.00000004.00000001.sdmp	String found in binary or memory: https://www.visiontimes.com/author/todd-crawfordb
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/archaeology
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/china-insights
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture#webpage
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture/feed
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture/page/2
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture/page/3
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/chinese-culture/page/5
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/hong-kong
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/hong-kong#webpage
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/hong-kong/feed
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/hong-kong/page/2
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan#webpage
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan/feed
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan/page/13
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan/page/2
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/china/taiwan/page/3
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/editors-pick
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/explore
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/explore/places
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/explore/places/explore-earth
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/explore/places/top-tips
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/human-rights-and-wrongs
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/life
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/life/animals-explore
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/life/wellness
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science/environment
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science/mysteries
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science/space
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science/tech
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/science/the-web
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/us
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/africa
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/americas
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/americas#webpage
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/americas/feed
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/asia-pacific
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/europe
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/c/world/south-asia
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/comments/feed
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/contact-us
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/donate
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/donations
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/feed
Source: AcroRd32.exe, 00000003.00000002.844162605.000000000C954000.00000004.00000001.sdmp	String found in binary or memory: https://www.visiontimes.com/hroughViewSpectrumBackground_active
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/policies
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/rss-feeds
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/biological-warfare
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/chinese-communist-party-ccp
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/chinese-peoples-liberation-army
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/coronavirus
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/covid-19-origin
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/tag/pandemic
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/publishpress-authors/src/assets/css/multiple-authors-
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-cloud-library/assets/js/js_files_for_front.min.js?
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-cloud-library/assets/js/js_posts_autoload.min.js?v
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_mai
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?v
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=78be34af34
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-newsletter/style.css?ver=10.4
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/td-standard-pack/Newspaper/assets/css/td_standard_pac
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/vt-301/public/css/vt-301-public.css?ver=1.0.0
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/vt-301/public/js/vt-301-public.js?ver=1.0.0
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/vt-enhancement/public/css/vt-enhancement-public.css?v
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/plugins/vt-enhancement/public/js/vt-enhancement-public.js?ver
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/themes/Newspaper-child/style.css?ver=10.4c
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/themes/Newspaper/style.css?ver=10.4
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/04/cropped-favicon-512x512-1-1-180x180.png
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/04/cropped-favicon-512x512-1-1-192x192.png
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/04/cropped-favicon-512x512-1-1-270x270.png
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/04/cropped-favicon-512x512-1-1-32x32.png
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/05/Apple_-Daily_-founder_-Jimmy-Lai.png
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/05/maxresdefault-2.jpg
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-content/uploads/2021/05/pcr-tests_health-workers-mexico_GettyImages-1
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/css/dashicons.min.css?ver=91a0085bdbdf8c697ca740db1be61b2d
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/css/dist/block-library/style.min.css?ver=91a0085bdbdf8c697ca
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/js/comment-reply.min.js?ver=91a0085bdbdf8c697ca740db1be61b2d
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/js/underscore.min.js?ver=1.8.3
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/js/wp-embed.min.js?ver=91a0085bdbdf8c697ca740db1be61b2d
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-includes/wlwmanifest.xml
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.visiontimes.com%2F2021%2F
Source: taiwan[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/wp/v2/categories/11124
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/wp/v2/categories/28113
Source: hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/wp/v2/categories/29670
Source: americas[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/wp/v2/categories/32022
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/wp-json/wp/v2/posts/414146
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/xmlrpc.php
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr, taiwan[1].htm.20.dr, americas[1].htm.20.dr, chinese-culture[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.com/xmlrpc.php?rsd
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.fr/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.it/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimes.net/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr, hong-kong[1].htm.20.dr	String found in binary or memory: https://www.visiontimesjp.com/
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/c/VisionTimesNews
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/channel/UCwjyYoGq87bnV3t1nqSjGNg?feature=applinks
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/error_204?t=jserror&level=ERROR
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/feeds/videos.xml?channel_id=UCwjyYoGq87bnV3t1nqSjGNg
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/img/favicon.ico
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/img/favicon_144.png
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/img/favicon_32.png
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/img/favicon_48.png
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/img/favicon_96.png
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/fetch-polyfill.vflset/fetch-polyfill.js
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/scheduler.vflset/scheduler.js
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/spf.vflset/spf.js
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/web-animations-next-lite.min.vflset/web-animations-
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/webcomponents-all-noPatch.vflset/webcomponents-all-
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://www.youtube.com/s/desktop/1f277c2a/jsbin/www-tampering.vflset/www-tampering.js
Source: chinese-weaponizing-coronavirus[1].htm.20.dr	String found in binary or memory: https://youtu.be/075u_Hzv_7U
Source: chinese-culture[1].htm.20.dr	String found in binary or memory: https://youtu.be/ATvHx_pD-PE
Source: base[1].js.20.dr	String found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s200-c-k-c0x00ffffff-no-rj?da
Source: VisionTimesNews[1].htm.20.dr	String found in binary or memory: https://yt3.ggpht.com/ytc/AAUvwni9B9iRO-4g6nt-U9DP9kv6iFnvj3JE7PwAG2vD=s900-c-k-c0x00ffffff-no-rj

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800

Source: unknown	HTTPS traffic detected: 172.67.73.71:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.73.71:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.0.73.2:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.0.73.2:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.228:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.20.22:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.20.22:443 -> 192.168.2.4:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.98:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.98:443 -> 192.168.2.4:49801 version: TLS 1.2

Source: classification engine

Classification label: clean2.winPDF@17/224@10/7

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1970u89_t3kn_5hs.tmp

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: ChineseCoronaviruses53lyqK.pdf	Initial sample: PDF keyword /JS count = 0
Source: ChineseCoronaviruses53lyqK.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: ChineseCoronaviruses53lyqK.pdf

Initial sample: PDF keyword stream count = 36

Source: ChineseCoronaviruses53lyqK.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: AcroRd32.exe, 00000003.00000002.843245398.000000000C52A000.00000004.00000001.sdmp	Binary or memory string: KX$IU"]`ETW<IM,KO.af=qvMci9HN
Source: AcroRd32.exe, 00000003.00000002.847805941.000000000D8BC000.00000004.00000001.sdmp	Binary or memory string: [UZ}t\|WNVMCI/$*0$$YMMxlezng
Source: AcroRd32.exe, 00000003.00000002.847414061.000000000D191000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Code function: 3_2_00B92490 LdrInitializeThunk,

3_2_00B92490

Source: AcroRd32.exe, 00000003.00000002.824539826.00000000057B0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000003.00000002.824539826.00000000057B0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000003.00000002.824539826.00000000057B0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000003.00000002.824539826.00000000057B0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

ID:	427746
Product:	CloudBasic
Start time:	16:15:43
Start date:	01.06.2021
Sample:	ChineseCoronaviruses53lyqK.pdf
Cookbook:	defaultwindowspdfcookbook.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	57dd5b69a9113ba248e6878114830aad
SHA1:	16c78f58a76ef12f691f09ce1ae2dd23d605980e
SHA256:	8cedb318de9f0085d24c6cdfdc1073fdca5acc2230d3ab322f2c3e84a0a24421
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Analysis Report ChineseCoronaviruses53lyqK.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing:

Compliance:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\ChineseCoronaviruses53lyqK.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\ChineseCoronaviruses53lyqK.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,599537840793071514,14128985216074786770,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12080242031371821986 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12080242031371821986 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,599537840793071514,14128985216074786770,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2756010903189450312 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,599537840793071514,14128985216074786770,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15090724916942977624 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15090724916942977624 --renderer-client-id=4 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,599537840793071514,14128985216074786770,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1511889012934102846 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1511889012934102846 --renderer-client-id=5 --mojo-platform-channel-handle=1792 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5496 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\ChineseCoronaviruses53lyqK.pdf'	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.visiontimes.com/2021/05/11/chinese-weaponizing-coronavirus.html	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,599537840793071514,14128985216074786770,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12080242031371821986 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12080242031371821986 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,599537840793071514,14128985216074786770,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2756010903189450312 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,599537840793071514,14128985216074786770,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15090724916942977624 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15090724916942977624 --renderer-client-id=4 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,599537840793071514,14128985216074786770,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1511889012934102846 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1511889012934102846 --renderer-client-id=5 --mojo-platform-channel-handle=1792 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5496 CREDAT:17410 /prefetch:2	Jump to behavior