
Windows Analysis Report https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-7129f8459847/COVID-19_Guidance_for_Food_Premises.pdf

Overview

General Information

Sample URL: https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-7129f8459847/COVID-19_Guidance_for_Food_Premises.pdf
Analysis ID: 434237

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Process Tree

  • System is w10x64
  • iexplore.exe (PID: 6596 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6676 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6596 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • AcroRd32.exe (PID: 6832 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 6676 MD5: B969CF0C7B2C443A99034881E8C8740A)
        • AcroRd32.exe (PID: 6956 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 6676 MD5: B969CF0C7B2C443A99034881E8C8740A)
        • RdrCEF.exe (PID: 2016 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
          • RdrCEF.exe (PID: 7124 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10239579510597668333 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10239579510597668333 --renderer-client-id=2 --mojo-platform-channel-handle=1692 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
          • RdrCEF.exe (PID: 4600 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2337483784384888965 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)
          • RdrCEF.exe (PID: 6528 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15245644756762629242 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15245644756762629242 --renderer-client-id=4 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
          • RdrCEF.exe (PID: 6224 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7424766846130001476 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7424766846130001476 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

No malicious signatures. All (informational) signature results follow.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown | HTTPS traffic detected: 69.10.147.140:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 69.10.147.140:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: msapplication.xml0.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.3.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown | DNS traffic detected: queries for: www.getrave.ca
Source: msapplication.xml.3.dr | String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.3.dr | String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.3.dr | String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.3.dr | String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.3.dr | String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.3.dr | String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.3.dr | String found in binary or memory: http://www.wikipedia.com/
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: http://www.york.ca/mandatorymasks)
Source: msapplication.xml7.3.dr | String found in binary or memory: http://www.youtube.com/
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://covid-19.ontario.ca/covid-19-help-businesses-ontario)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.canada.ca/en/health-canada/services/drugs-health-products/disinfectants/covid-19/list.ht
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.canada.ca/en/public-health/services/diseases/coronavirus-disease-covid-19/covid-alert.ht
Source: {300A0066-CD18-11EB-90EB-ECF4BBEA1588}.dat.3.dr, ~DF71F58F6AA0B63BF7.TMP.3.dr | String found in binary or memory: https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.ontario.ca/laws/regulation/170493)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.ontario.ca/laws/regulation/200082)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.ontario.ca/page/develop-your-covid-19-workplace-safety-plan)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.ontario.ca/page/enhancing-public-health-and-workplace-safety-measures-provincewide-shutd
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.ontario.ca/page/ministry-labour-training-skills-development)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.ontario.ca/page/reopening-ontario)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.ontario.ca/page/resources-prevent-covid-19-workplace)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.ontario.ca/page/restaurant-and-food-services-health-and-safety-during-covid-19)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-retail-health-and-safety-guidance.p
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-sales-health-and-safety-guidance.pd
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/resourcesfactsheetsandvideos/covid19resou
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/symptomstransmissiontreatmentandtesting/)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/5637cc20-d777-496f-a57d-0754abe81490/202032-10e_lower
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/895d5afe-82c5-4595-bb56-3abdd6bc8af8/202032_48_Assess
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-03b_Pract
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-64_Physic
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/b5a69a18-1bb9-4dbe-a219-546b1e602a32/202032_40_
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/ee9868ec-9778-49d4-bbdd-0fe9ab893feb/202032_47_
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/fb2ac24e-7d80-4b5b-89ee-60d650f785d1/202032_49_
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr | String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/fc123a83-1f2f-489b-a525-0dd68d5b2f73/48_Assessment
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: classification engine | Classification label: clean0.win@17/62@1/2
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{300A0064-CD18-11EB-90EB-ECF4BBEA1588}.dat
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DFAA560BC5C50C511B.TMP
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6596 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 6676
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 6676
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10239579510597668333 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10239579510597668333 --renderer-client-id=2 --mojo-platform-channel-handle=1692 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2337483784384888965 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15245644756762629242 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15245644756762629242 --renderer-client-id=4 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7424766846130001476 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7424766846130001476 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | File opened: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\crash_reporter.cfg
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | File opened: C:\Windows\SysWOW64\Msftedit.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information queried: ProcessInformationJump to behavior

MITRE ATT&CK Matrix

The matrix lists, per tactic, the techniques shown for this analysis; a number in parentheses is the count of matched signatures for that technique (techniques without a number had no matching signature).

Initial Access: Spearphishing Link (1); Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: Process Discovery (1); File and Directory Discovery (1); Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data

Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language