Windows Analysis Report https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-7129f8459847/COVID-19_Guidance_for_Food_Premises.pdf

Overview

General Information

Sample URL: https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-7129f8459847/COVID-19_Guidance_for_Food_Premises.pdf
Analysis ID: 434237

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 69.10.147.140:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 69.10.147.140:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: msapplication.xml0.3.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.3.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.3.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.3.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.3.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.3.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: www.getrave.ca
Source: msapplication.xml.3.dr String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.3.dr String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.3.dr String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.3.dr String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.3.dr String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.3.dr String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.3.dr String found in binary or memory: http://www.wikipedia.com/
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: http://www.york.ca/mandatorymasks)
Source: msapplication.xml7.3.dr String found in binary or memory: http://www.youtube.com/
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://covid-19.ontario.ca/covid-19-help-businesses-ontario)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.canada.ca/en/health-canada/services/drugs-health-products/disinfectants/covid-19/list.ht
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.canada.ca/en/public-health/services/diseases/coronavirus-disease-covid-19/covid-alert.ht
Source: {300A0066-CD18-11EB-90EB-ECF4BBEA1588}.dat.3.dr, ~DF71F58F6AA0B63BF7.TMP.3.dr String found in binary or memory: https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.ontario.ca/laws/regulation/170493)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.ontario.ca/laws/regulation/200082)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.ontario.ca/page/develop-your-covid-19-workplace-safety-plan)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.ontario.ca/page/enhancing-public-health-and-workplace-safety-measures-provincewide-shutd
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.ontario.ca/page/ministry-labour-training-skills-development)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.ontario.ca/page/reopening-ontario)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.ontario.ca/page/resources-prevent-covid-19-workplace)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.ontario.ca/page/restaurant-and-food-services-health-and-safety-during-covid-19)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-retail-health-and-safety-guidance.p
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-sales-health-and-safety-guidance.pd
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/resourcesfactsheetsandvideos/covid19resou
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/symptomstransmissiontreatmentandtesting/)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/5637cc20-d777-496f-a57d-0754abe81490/202032-10e_lower
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/895d5afe-82c5-4595-bb56-3abdd6bc8af8/202032_48_Assess
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-03b_Pract
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-64_Physic
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/b5a69a18-1bb9-4dbe-a219-546b1e602a32/202032_40_
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/ee9868ec-9778-49d4-bbdd-0fe9ab893feb/202032_47_
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/fb2ac24e-7d80-4b5b-89ee-60d650f785d1/202032_49_
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/fc123a83-1f2f-489b-a525-0dd68d5b2f73/48_Assessment
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: classification engine Classification label: clean0.win@17/62@1/2
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.ontario.ca/page/reopening-ontario
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/b5a69a18-1bb9-4dbe-a219-546b1e602a32/202032_40_+entrance-sanitize-hands+8.5x11.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-b5a69a18-1bb9-4dbe-a219-546b1e602a32-n98xbsi
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.ontario.ca/page/resources-prevent-covid-19-workplace
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/fc123a83-1f2f-489b-a525-0dd68d5b2f73/48_Assessment+and+Covid+19_Letter.pdf?MOD=AJPERES&CVID=nl6FAQE
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/resourcesfactsheetsandvideos/covid19resources/!ut/p/z1/vVJLU4MwGPwtHnpk8vEoCceItYCW1mofcOmkaSxoIRViffx6U6c6XkQdxRySSbLZnd0sStEcpSXb5Wumclmyjd4nqbsIaT8MgjOIhg7xgcKQRhYm0PNMNHsFwCeDAkq_874BkDbTT1GK0i3PVyhxsQPOkmBjxQUYzlIQg3iEGLbb5czzGOZLd4_mpdqqDCVP1YLLUolSdeBJVrd6U6tc3b8eZLIQehZso7IOcLnLV4bpdaAStbyvuKivGVd1JoSqWbnSt0LWB5zpvYNQ9JV_HbBVDfzBWrtgKjPy8lqi-ZsemjfpHXAf9TRdfnN3l1Jtc-_tUaH5f_ic7YP96LR_SRwIpxGmU3MITmgfAJbluIHpQwTBkEB4ikfdExKYcGYdAA1_neiu4E_DHFtotsvFA5qUsip0dy9_WI3gTQETnwa0DyO4mmC46GGHuOeD0fnY_KXCFwZaprdbpcfQLr3VLv3fhBOF4Jt0X3-7ZwO1Qp8c2xGJ43azj9vNPm43-7jd3k9_G862mEwKYnc3a6K88Ka7LhYnx7GRRLvnxmVAj45eAIKaNGo!/dz/d5/L2dBISEvZ0FBIS9nQSEh/#.XuEa1vlKi9I
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/b5a69a18-1bb9-4dbe-a219-546b1e602a32/202032_40_+entrance-sanitize-hands+8.5x11.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-b5a69a18-1bb9-4dbe-a219-546b1e602a32-n98Xbsi
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-03b_Practicing%2BSocial%2BDistancing_8-5x11.pdf?MOD=AJPERES&CVID=n5svRxd
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-64_physical-distancing-8.5x11-june14.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-8b46e61b-af4d-4787-a77b-4100b75df288-nap-gu9
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.ontario.ca/laws/regulation/170493
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: mailto:york.ca/COVID19
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/ee9868ec-9778-49d4-bbdd-0fe9ab893feb/202032_47_+how+to+wear+a+mask.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-ee9868ec-9778-49d4-bbdd-0fe9ab893feb-n98jkqp
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: mailto:Health.Inspectors@york.ca
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/895d5afe-82c5-4595-bb56-3abdd6bc8af8/202032_48_assessment+and+covid+19.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-895d5afe-82c5-4595-bb56-3abdd6bc8af8-n98xqjp
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/fb2ac24e-7d80-4b5b-89ee-60d650f785d1/202032_49_+waste-handling-tips.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-fb2ac24e-7d80-4b5b-89ee-60d650f785d1-n9e2k-e
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/symptomstransmissiontreatmentandtesting/
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.wsps.ca/wsps/media/site/resources/downloads/covid-19-retail-health-and-safety-guidance.pdf?ext=.pdf
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-03b_practicing%2bsocial%2bdistancing_8-5x11.pdf?mod=ajperes&cvid=n5svrxd
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/895d5afe-82c5-4595-bb56-3abdd6bc8af8/202032_48_Assessment+and+Covid+19.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-895d5afe-82c5-4595-bb56-3abdd6bc8af8-n98XQJp
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.ontario.ca/laws/regulation/200082
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-sales-health-and-safety-guidance.pdf?ext=.pdf
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://covid-19.ontario.ca/covid-19-help-businesses-ontario
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: http://www.york.ca/mandatorymasks
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.ontario.ca/page/restaurant-and-food-services-health-and-safety-during-covid-19
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.canada.ca/en/public-health/services/diseases/coronavirus-disease-covid-19/covid-alert.html
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/5637cc20-d777-496f-a57d-0754abe81490/202032-10e_loweryourrisk_8-5x11.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-5637cc20-d777-496f-a57d-0754abe81490-n97rdqq
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-retail-health-and-safety-guidance.pdf?ext=.pdf
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.canada.ca/en/health-canada/services/drugs-health-products/disinfectants/covid-19/list.html
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/fb2ac24e-7d80-4b5b-89ee-60d650f785d1/202032_49_+Waste-Handling-Tips.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-fb2ac24e-7d80-4b5b-89ee-60d650f785d1-n9e2K-E
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.ontario.ca/page/enhancing-public-health-and-workplace-safety-measures-provincewide-shutdown#section-1
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-64_Physical-Distancing-8.5x11-June14.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-8b46e61b-af4d-4787-a77b-4100b75df288-naP-gU9
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.wsps.ca/wsps/media/site/resources/downloads/covid-19-sales-health-and-safety-guidance.pdf?ext=.pdf
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.ontario.ca/page/develop-your-covid-19-workplace-safety-plan
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/resourcesfactsheetsandvideos/covid19resources/!ut/p/z1/vvjlu4mwgpwthnpk8veocceitycw1mofcomkasxoirviffx6u6c6xkqdxryssblznd0sstecpsxb5wumclmyjd4nqbsiat8mgjoihg7xgckqrhym0pnmnhsfwcedakq_874bkdbtt1gk0i3pvyhxsqpokmbjxquyzliqg3ieglbb5czzgozld4_mpdqqdcvp1ylluolsdebjvrd6u6tc3b8ezliqehzso7ioclnlv4bpdaastbyvukivgvd1josqwbnst0lwb5zpvynq9jv_hbbvdfzbwrtgkjpy8lqi-zsemjfphxaf9trdfnn3l1jtc-_tuah5f_ic7yp96lr_srwipxgmu3mitmgfajbluihpqwtbkeb4ikfdexkycgydaa1_neiu4e_dhftotsvfa5qusip0dy9_wi3gtqetnwa0dyo4mmc46gghuoed0fny_kxcfwzaprdbpcfqlr3vlv3fhbof4jt0x3-7zwo1qp8c2xgj43azj9vnpm43-7jd3k9_g862mewkync3a6k88ka7lhynx7grrlvnxmvaj45eaikango!/dz/d5/l2dbisevz0fbis9nqseh/#.xuea1vlki9i
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/ee9868ec-9778-49d4-bbdd-0fe9ab893feb/202032_47_+How+to+Wear+a+Mask.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-ee9868ec-9778-49d4-bbdd-0fe9ab893feb-n98JKqP
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/fc123a83-1f2f-489b-a525-0dd68d5b2f73/48_assessment+and+covid+19_letter.pdf?mod=ajperes&cvid=nl6faqe
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/5637cc20-d777-496f-a57d-0754abe81490/202032-10e_lowerYourRisk_8-5x11.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-5637cc20-d777-496f-a57d-0754abe81490-n97RdQQ
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.ontario.ca/page/ministry-labour-training-skills-development
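The URL rows above mix three very different origins: strings pulled from the dropped copy of the PDF itself, strings from Internet Explorer's own pinned-site tile configs (the msapplication.xml*.dr entries that mention facebook.com, twitter.com, amazon.com and so on are written by IE on the analysis VM and say nothing about the sample), and the sample URL echoed from IE's recovery store. The following script is an added example, not part of this report or of the sandbox vendor's tooling; it parses lines of the shape used above and sorts each observed host into a bucket by the artifact that produced it. The bucket rules, the 100-character truncation width (observed above: compare the cut "list.ht" string with its full "Initial sample" counterpart) and the sample lines are this example's own assumptions and constructed input.

```python
"""Triage the URL observations in a sandbox report by originating artifact.

Added example, not part of the original report or of the sandbox vendor's
tooling. Parses lines shaped "Source: <artifact> <event>: <value>" and
separates analysis-VM background noise (IE pinned-site tile configs) from
URLs that actually came out of the analysed document.
"""
from __future__ import annotations

import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed input: a handful of lines copied in shape from the report.
REPORT_LINES = [
    'Source: msapplication.xml0.3.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/></config></msapplication></browserconfig> equals www.facebook.com (Facebook)',
    "Source: msapplication.xml.3.dr String found in binary or memory: http://www.amazon.com/",
    "Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr String found in binary or memory: http://www.york.ca/mandatorymasks)",
    "Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: https://www.ontario.ca/page/reopening-ontario",
    "Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr Initial sample: mailto:Health.Inspectors@york.ca",
    "Source: {300A0066-CD18-11EB-90EB-ECF4BBEA1588}.dat.3.dr, ~DF71F58F6AA0B63BF7.TMP.3.dr String found in binary or memory: https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-",
    "Source: unknown DNS traffic detected: queries for: www.getrave.ca",
]

LINE_RE = re.compile(
    r"^Source: (?P<source>.+?) "
    r"(?P<event>String found in binary or memory|Initial sample|DNS traffic detected): "
    r"(?P<value>.*)$"
)
URL_RE = re.compile(r"(?:https?://|mailto:)[^\s<>\"']+")

# Memory-string values in the report are cut at a fixed width; 100 is the
# width observed there and is assumed here as the truncation limit.
STRING_WIDTH = 100


def classify_source(source: str) -> str:
    """Bucket a 'Source' artifact by what wrote it (assumed rules for an IE-based VM)."""
    s = source.lower()
    if s.startswith("msapplication.xml"):
        return "ie-default-tiles"     # IE writes these for its default pinned sites
    if ".pdf." in s and s.endswith(".dr"):
        return "sample-content"       # the dropped copy of the analysed document
    if s.startswith("{") or s.startswith("~df") or "recoverystore" in s:
        return "ie-session-state"     # IE travel log / recovery store: visited URLs
    if s == "unknown":
        return "network"
    return "other"


def host_of(url: str) -> str:
    if url.startswith("mailto:"):
        addr = url[len("mailto:"):]
        return addr.rsplit("@", 1)[-1].lower()   # a mailto without '@' keeps its text
    return (urlparse(url).hostname or "").lower()


def parse(lines) -> list[dict]:
    """One record per URL or DNS observation."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        bucket = classify_source(m["source"])
        if m["event"] == "DNS traffic detected":
            host = m["value"].rsplit(":", 1)[-1].strip().lower()
            records.append({"bucket": "network", "event": m["event"],
                            "url": "dns:" + host, "host": host, "truncated": False})
            continue
        for raw in URL_RE.findall(m["value"]):
            url = raw.rstrip(").,;")   # PDF text extraction leaves the ')' of "(see ...)" on the URL
            records.append({
                "bucket": bucket,
                "event": m["event"],
                "url": url,
                "host": host_of(url),
                "truncated": m["event"].startswith("String found") and len(raw) >= STRING_WIDTH,
            })
    return records


def hosts_by_bucket(records) -> dict[str, set[str]]:
    out = defaultdict(set)
    for r in records:
        out[r["bucket"]].add(r["host"])
    return dict(out)


if __name__ == "__main__":
    for bucket, hosts in sorted(hosts_by_bucket(parse(REPORT_LINES)).items()):
        print(f"{bucket:18} {', '.join(sorted(hosts))}")
```

Only the "sample-content" bucket is worth reviewing as document-derived; for this report it resolves to york.ca, ontario.ca, canada.ca and wsps.ca links, consistent with the clean verdict. Truncated memory strings should be matched against their "Initial sample" counterparts before being used as indicators, since a cut URL will never match in a proxy log.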
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{300A0064-CD18-11EB-90EB-ECF4BBEA1588}.dat
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DFAA560BC5C50C511B.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6596 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 6676
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 6676
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10239579510597668333 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10239579510597668333 --renderer-client-id=2 --mojo-platform-channel-handle=1692 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2337483784384888965 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15245644756762629242 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15245644756762629242 --renderer-client-id=4 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7424766846130001476 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7424766846130001476 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe File opened: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\crash_reporter.cfg
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information queried: ProcessInformation
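The "Process created" rows above are the part of a document-open report that deserves a lineage check: a browser handing a PDF to Acrobat Reader DC, Reader spawning its own renderer and CEF helper processes, and nothing else. The script below is an added example, not part of this report or of the sandbox vendor's tooling; it rebuilds the spawn graph from lines of the shape used above and returns any parent/child pair outside an allow-list. The allow-list, the shortened sample lines and the deliberately anomalous cmd.exe line are this example's own assumptions and constructed input; the report itself contains no such spawn. Because these rows carry no PIDs, the result is a per-image graph rather than a true per-process tree.

```python
"""Rebuild the spawn chain from sandbox report lines and flag unexpected edges.

Added example, not part of the original report or of the sandbox vendor's
tooling. Line shape: "Source: <parent> Process created: <child> '<command line>'".
"""
from __future__ import annotations

import ntpath
from collections import defaultdict

# Constructed input: lines copied in shape from the report, with the long
# RdrCEF command lines shortened to a few of their flags.
REPORT_LINES = [
    r"Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding",
    r"Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6596 CREDAT:17410 /prefetch:2 Jump to behavior",
    r"Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 6676",
    r"Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 6676",
    r"Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043",
    r"Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --lang=en-US --allow-no-sandbox-job /prefetch:1",
]

# Constructed anomaly, NOT from the report: what a document-borne dropper
# would look like in the same line format.
CONSTRUCTED_ANOMALY = (
    r"Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "
    r"Process created: C:\Windows\SysWOW64\cmd.exe 'cmd.exe' /c whoami"
)

# Assumed expected edges (by image basename) for IE handing a PDF to Acrobat
# Reader DC. 'unknown' is the report's label for the sandbox launcher.
ALLOWED_EDGES = {
    ("unknown", "iexplore.exe"),
    ("iexplore.exe", "iexplore.exe"),    # 64-bit frame -> 32-bit content process
    ("iexplore.exe", "acrord32.exe"),
    ("acrord32.exe", "acrord32.exe"),    # Reader broker -> renderer
    ("acrord32.exe", "rdrcef.exe"),
    ("rdrcef.exe", "rdrcef.exe"),        # CEF browser -> renderer / gpu processes
}


def parse_process_line(line: str) -> dict | None:
    line = line.strip()
    if line.endswith(" Jump to behavior"):      # link text left over from the HTML report
        line = line[: -len(" Jump to behavior")]
    if not line.startswith("Source: ") or " Process created: " not in line:
        return None
    parent, rest = line[len("Source: "):].split(" Process created: ", 1)
    child, sep, cmdline = rest.partition(" '")  # image path ends where the quoted command line starts
    return {
        "parent": ntpath.basename(parent).lower(),
        "child": ntpath.basename(child).lower(),
        "cmdline": ("'" + cmdline) if sep else "",
    }


def build_tree(lines) -> dict[str, set[str]]:
    """parent image -> set of child images (no PIDs in the rows, so per-image only)."""
    tree = defaultdict(set)
    for line in lines:
        rec = parse_process_line(line)
        if rec:
            tree[rec["parent"]].add(rec["child"])
    return dict(tree)


def unexpected_spawns(lines) -> list[dict]:
    """Every spawn whose (parent, child) pair is not on the allow-list."""
    return [rec for rec in map(parse_process_line, lines)
            if rec and (rec["parent"], rec["child"]) not in ALLOWED_EDGES]


def sandbox_flags(lines) -> set[str]:
    """Command-line tokens mentioning 'sandbox', to compare against a known-good run."""
    found = set()
    for rec in filter(None, map(parse_process_line, lines)):
        found.update(t for t in rec["cmdline"].split() if "sandbox" in t.lower())
    return found


if __name__ == "__main__":
    for parent, children in sorted(build_tree(REPORT_LINES).items()):
        print(f"{parent} -> {', '.join(sorted(children))}")
    print("unexpected:", unexpected_spawns(REPORT_LINES + [CONSTRUCTED_ANOMALY]))
    print("sandbox-related flags:", sandbox_flags(REPORT_LINES))
```

Run against the report's own rows the allow-list check returns nothing, which is the expected outcome for a score-0 sample; the constructed cmd.exe line is the kind of edge that would turn a "clean" PDF report into an incident. The `--allow-no-sandbox-job` token that the check surfaces is present in this ordinary Reader run, so it belongs in the baseline for this VM rather than in an alert.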