Play interactive tour

Edit tour

Windows Analysis Report https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-7129f8459847/COVID-19_Guidance_for_Food_Premises.pdf

Overview

General Information

Sample URL:	https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-7129f8459847/COVID-19_Guidance_for_Food_Premises.pdf
Analysis ID:	434237
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

iexplore.exe (PID: 6596 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6676 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6596 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

AcroRd32.exe (PID: 6832 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 6676 MD5: B969CF0C7B2C443A99034881E8C8740A)

AcroRd32.exe (PID: 6956 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 6676 MD5: B969CF0C7B2C443A99034881E8C8740A)

RdrCEF.exe (PID: 2016 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 7124 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10239579510597668333 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10239579510597668333 --renderer-client-id=2 --mojo-platform-channel-handle=1692 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 4600 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2337483784384888965 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6528 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15245644756762629242 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15245644756762629242 --renderer-client-id=4 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6224 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7424766846130001476 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7424766846130001476 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 69.10.147.140:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.10.147.140:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: msapplication.xml0.3.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.3.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.3.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.3.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.3.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.3.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: www.getrave.ca

Source: msapplication.xml.3.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.3.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.3.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.3.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.3.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.3.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.3.dr	String found in binary or memory: http://www.wikipedia.com/
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: http://www.york.ca/mandatorymasks)
Source: msapplication.xml7.3.dr	String found in binary or memory: http://www.youtube.com/
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://covid-19.ontario.ca/covid-19-help-businesses-ontario)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.canada.ca/en/health-canada/services/drugs-health-products/disinfectants/covid-19/list.ht
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.canada.ca/en/public-health/services/diseases/coronavirus-disease-covid-19/covid-alert.ht
Source: {300A0066-CD18-11EB-90EB-ECF4BBEA1588}.dat.3.dr, ~DF71F58F6AA0B63BF7.TMP.3.dr	String found in binary or memory: https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.ontario.ca/laws/regulation/170493)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.ontario.ca/laws/regulation/200082)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.ontario.ca/page/develop-your-covid-19-workplace-safety-plan)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.ontario.ca/page/enhancing-public-health-and-workplace-safety-measures-provincewide-shutd
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.ontario.ca/page/ministry-labour-training-skills-development)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.ontario.ca/page/reopening-ontario)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.ontario.ca/page/resources-prevent-covid-19-workplace)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.ontario.ca/page/restaurant-and-food-services-health-and-safety-during-covid-19)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-retail-health-and-safety-guidance.p
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-sales-health-and-safety-guidance.pd
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/resourcesfactsheetsandvideos/covid19resou
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/symptomstransmissiontreatmentandtesting/)
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/5637cc20-d777-496f-a57d-0754abe81490/202032-10e_lower
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/895d5afe-82c5-4595-bb56-3abdd6bc8af8/202032_48_Assess
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-03b_Pract
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-64_Physic
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/b5a69a18-1bb9-4dbe-a219-546b1e602a32/202032_40_
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/ee9868ec-9778-49d4-bbdd-0fe9ab893feb/202032_47_
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/fb2ac24e-7d80-4b5b-89ee-60d650f785d1/202032_49_
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	String found in binary or memory: https://www.york.ca/wps/wcm/connect/yorkpublic/fc123a83-1f2f-489b-a525-0dd68d5b2f73/48_Assessment

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown	HTTPS traffic detected: 69.10.147.140:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.10.147.140:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/62@1/2

Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.ontario.ca/page/reopening-ontario
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/b5a69a18-1bb9-4dbe-a219-546b1e602a32/202032_40_+entrance-sanitize-hands+8.5x11.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-b5a69a18-1bb9-4dbe-a219-546b1e602a32-n98xbsi
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.ontario.ca/page/resources-prevent-covid-19-workplace
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/fc123a83-1f2f-489b-a525-0dd68d5b2f73/48_Assessment+and+Covid+19_Letter.pdf?MOD=AJPERES&CVID=nl6FAQE
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/resourcesfactsheetsandvideos/covid19resources/!ut/p/z1/vVJLU4MwGPwtHnpk8vEoCceItYCW1mofcOmkaSxoIRViffx6U6c6XkQdxRySSbLZnd0sStEcpSXb5Wumclmyjd4nqbsIaT8MgjOIhg7xgcKQRhYm0PNMNHsFwCeDAkq_874BkDbTT1GK0i3PVyhxsQPOkmBjxQUYzlIQg3iEGLbb5czzGOZLd4_mpdqqDCVP1YLLUolSdeBJVrd6U6tc3b8eZLIQehZso7IOcLnLV4bpdaAStbyvuKivGVd1JoSqWbnSt0LWB5zpvYNQ9JV_HbBVDfzBWrtgKjPy8lqi-ZsemjfpHXAf9TRdfnN3l1Jtc-_tUaH5f_ic7YP96LR_SRwIpxGmU3MITmgfAJbluIHpQwTBkEB4ikfdExKYcGYdAA1_neiu4E_DHFtotsvFA5qUsip0dy9_WI3gTQETnwa0DyO4mmC46GGHuOeD0fnY_KXCFwZaprdbpcfQLr3VLv3fhBOF4Jt0X3-7ZwO1Qp8c2xGJ43azj9vNPm43-7jd3k9_G862mEwKYnc3a6K88Ka7LhYnx7GRRLvnxmVAj45eAIKaNGo!/dz/d5/L2dBISEvZ0FBIS9nQSEh/#.XuEa1vlKi9I
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/b5a69a18-1bb9-4dbe-a219-546b1e602a32/202032_40_+entrance-sanitize-hands+8.5x11.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-b5a69a18-1bb9-4dbe-a219-546b1e602a32-n98Xbsi
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-03b_Practicing%2BSocial%2BDistancing_8-5x11.pdf?MOD=AJPERES&CVID=n5svRxd
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-64_physical-distancing-8.5x11-june14.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-8b46e61b-af4d-4787-a77b-4100b75df288-nap-gu9
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.ontario.ca/laws/regulation/170493
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: mailto:york.ca/COVID19
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/ee9868ec-9778-49d4-bbdd-0fe9ab893feb/202032_47_+how+to+wear+a+mask.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-ee9868ec-9778-49d4-bbdd-0fe9ab893feb-n98jkqp
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: mailto:Health.Inspectors@york.ca
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/895d5afe-82c5-4595-bb56-3abdd6bc8af8/202032_48_assessment+and+covid+19.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-895d5afe-82c5-4595-bb56-3abdd6bc8af8-n98xqjp
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/fb2ac24e-7d80-4b5b-89ee-60d650f785d1/202032_49_+waste-handling-tips.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-fb2ac24e-7d80-4b5b-89ee-60d650f785d1-n9e2k-e
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/symptomstransmissiontreatmentandtesting/
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.wsps.ca/wsps/media/site/resources/downloads/covid-19-retail-health-and-safety-guidance.pdf?ext=.pdf
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-03b_practicing%2bsocial%2bdistancing_8-5x11.pdf?mod=ajperes&cvid=n5svrxd
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/895d5afe-82c5-4595-bb56-3abdd6bc8af8/202032_48_Assessment+and+Covid+19.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-895d5afe-82c5-4595-bb56-3abdd6bc8af8-n98XQJp
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.ontario.ca/laws/regulation/200082
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-sales-health-and-safety-guidance.pdf?ext=.pdf
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://covid-19.ontario.ca/covid-19-help-businesses-ontario
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: http://www.york.ca/mandatorymasks
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.ontario.ca/page/restaurant-and-food-services-health-and-safety-during-covid-19
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.canada.ca/en/public-health/services/diseases/coronavirus-disease-covid-19/covid-alert.html
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/5637cc20-d777-496f-a57d-0754abe81490/202032-10e_loweryourrisk_8-5x11.pdf?mod=ajperes&cacheid=rootworkspace.z18_29d41bg0pgoc70qqggjk4i0004-5637cc20-d777-496f-a57d-0754abe81490-n97rdqq
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-retail-health-and-safety-guidance.pdf?ext=.pdf
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.canada.ca/en/health-canada/services/drugs-health-products/disinfectants/covid-19/list.html
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/fb2ac24e-7d80-4b5b-89ee-60d650f785d1/202032_49_+Waste-Handling-Tips.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-fb2ac24e-7d80-4b5b-89ee-60d650f785d1-n9e2K-E
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.ontario.ca/page/enhancing-public-health-and-workplace-safety-measures-provincewide-shutdown#section-1
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-64_Physical-Distancing-8.5x11-June14.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-8b46e61b-af4d-4787-a77b-4100b75df288-naP-gU9
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.wsps.ca/wsps/media/site/resources/downloads/covid-19-sales-health-and-safety-guidance.pdf?ext=.pdf
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.ontario.ca/page/develop-your-covid-19-workplace-safety-plan
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/resourcesfactsheetsandvideos/covid19resources/!ut/p/z1/vvjlu4mwgpwthnpk8veocceitycw1mofcomkasxoirviffx6u6c6xkqdxryssblznd0sstecpsxb5wumclmyjd4nqbsiat8mgjoihg7xgckqrhym0pnmnhsfwcedakq_874bkdbtt1gk0i3pvyhxsqpokmbjxquyzliqg3ieglbb5czzgozld4_mpdqqdcvp1ylluolsdebjvrd6u6tc3b8ezliqehzso7ioclnlv4bpdaastbyvukivgvd1josqwbnst0lwb5zpvynq9jv_hbbvdfzbwrtgkjpy8lqi-zsemjfphxaf9trdfnn3l1jtc-_tuah5f_ic7yp96lr_srwipxgmu3mitmgfajbluihpqwtbkeb4ikfdexkycgydaa1_neiu4e_dhftotsvfa5qusip0dy9_wi3gtqetnwa0dyo4mmc46gghuoed0fny_kxcfwzaprdbpcfqlr3vlv3fhbof4jt0x3-7zwo1qp8c2xgj43azj9vnpm43-7jd3k9_g862mewkync3a6k88ka7lhynx7grrlvnxmvaj45eaikango!/dz/d5/l2dbisevz0fbis9nqseh/#.xuea1vlki9i
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/ee9868ec-9778-49d4-bbdd-0fe9ab893feb/202032_47_+How+to+Wear+a+Mask.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-ee9868ec-9778-49d4-bbdd-0fe9ab893feb-n98JKqP
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/fc123a83-1f2f-489b-a525-0dd68d5b2f73/48_assessment+and+covid+19_letter.pdf?mod=ajperes&cvid=nl6faqe
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.york.ca/wps/wcm/connect/yorkpublic/5637cc20-d777-496f-a57d-0754abe81490/202032-10e_lowerYourRisk_8-5x11.pdf?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_29D41BG0PGOC70QQGGJK4I0004-5637cc20-d777-496f-a57d-0754abe81490-n97RdQQ
Source: COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	Initial sample: https://www.ontario.ca/page/ministry-labour-training-skills-development

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{300A0064-CD18-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFAA560BC5C50C511B.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

File opened: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\crash_reporter.cfg

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Spearphishing Link1	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	Process Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	File and Directory Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-7129f8459847/COVID-19_Guidance_for_Food_Premises.pdf	0%	Virustotal		Browse
https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-7129f8459847/COVID-19_Guidance_for_Food_Premises.pdf	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
getrave.ca	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-	0%	Avira URL Cloud	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
getrave.ca	69.10.147.140	true	false	0%, Virustotal, Browse	unknown
www.getrave.ca	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.ontario.ca/page/resources-prevent-covid-19-workplace)	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.york.ca/wps/wcm/connect/yorkpublic/b5a69a18-1bb9-4dbe-a219-546b1e602a32/202032_40_	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
http://www.nytimes.com/	msapplication.xml3.3.dr	false		high
https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-	{300A0066-CD18-11EB-90EB-ECF4BBEA1588}.dat.3.dr, ~DF71F58F6AA0B63BF7.TMP.3.dr	false	Avira URL Cloud: safe	unknown
https://www.canada.ca/en/public-health/services/diseases/coronavirus-disease-covid-19/covid-alert.ht	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-64_Physic	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
http://www.amazon.com/	msapplication.xml.3.dr	false		high
https://www.york.ca/wps/wcm/connect/yorkpublic/ee9868ec-9778-49d4-bbdd-0fe9ab893feb/202032_47_	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.canada.ca/en/health-canada/services/drugs-health-products/disinfectants/covid-19/list.ht	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.ontario.ca/page/develop-your-covid-19-workplace-safety-plan)	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/resourcesfactsheetsandvideos/covid19resou	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.ontario.ca/page/enhancing-public-health-and-workplace-safety-measures-provincewide-shutd	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.york.ca/wps/wcm/connect/yorkpublic/895d5afe-82c5-4595-bb56-3abdd6bc8af8/202032_48_Assess	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.york.ca/wps/wcm/connect/yorkpublic/8b46e61b-af4d-4787-a77b-4100b75df288/202032-03b_Pract	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.york.ca/wps/wcm/connect/yorkpublic/fc123a83-1f2f-489b-a525-0dd68d5b2f73/48_Assessment	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
http://www.twitter.com/	msapplication.xml5.3.dr	false		high
https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-retail-health-and-safety-guidance.p	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.york.ca/wps/wcm/connect/yorkpublic/fb2ac24e-7d80-4b5b-89ee-60d650f785d1/202032_49_	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://covid-19.ontario.ca/covid-19-help-businesses-ontario)	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
http://www.youtube.com/	msapplication.xml7.3.dr	false		high
https://www.ontario.ca/page/reopening-ontario)	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
http://www.wikipedia.com/	msapplication.xml6.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.ontario.ca/laws/regulation/170493)	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
http://www.live.com/	msapplication.xml2.3.dr	false		high
https://www.ontario.ca/laws/regulation/200082)	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/symptomstransmissiontreatmentandtesting/)	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
http://www.reddit.com/	msapplication.xml4.3.dr	false		high
https://www.ontario.ca/page/restaurant-and-food-services-health-and-safety-during-covid-19)	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.wsps.ca/WSPS/media/Site/Resources/Downloads/covid-19-sales-health-and-safety-guidance.pd	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
http://www.york.ca/mandatorymasks)	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.ontario.ca/page/ministry-labour-training-skills-development)	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high
https://www.york.ca/wps/wcm/connect/yorkpublic/5637cc20-d777-496f-a57d-0754abe81490/202032-10e_lower	COVID-19_Guidance_for_Food_Premises[1].pdf.4.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
69.10.147.140	getrave.ca	Canada		19875	TERAGO-RACKFORCECA	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	434237
Start date:	14.06.2021
Start time:	15:54:49
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 41s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-7129f8459847/COVID-19_Guidance_for_Food_Premises.pdf
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/62@1/2
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Max analysis timeout: 220s exceeded, the analysis took too long TCP Packets have been reduced to 100 Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 40.88.32.150, 23.211.6.115, 52.147.198.201, 88.221.62.148, 23.211.4.250, 2.20.142.203, 2.20.143.130, 104.42.151.234, 152.199.19.161, 20.82.209.183, 2.20.142.210, 2.20.142.209, 20.54.104.15, 20.54.7.98, 20.54.26.129, 92.122.213.247, 92.122.213.194, 20.82.210.154 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, e4578.dscb.akamaiedge.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, acroipm2.adobe.com, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, go.microsoft.com, a122.dscd.akamai.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, acroipm2.adobe.com.edgesuite.net, ie9comview.vo.msecnd.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, cs9.wpc.v0cdn.net, neu-consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
15:55:52	API Interceptor	26x Sleep call for process: RdrCEF.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	410
Entropy (8bit):	5.6698873714970555
Encrypted:	false
SSDEEP:	6:men9YOFLvEWdM9Q/t7yHi7Z+P41TK6tll2en9YOFLvEWdM9QNeltJyqi7Z+P41TD:vDRM9qZiErlfDRM9+OyRZiE
MD5:	12D0241FF3F80F3C9395069A5AEE8F77
SHA1:	EF346300DC487CB3FCBD07FCBB61EBA90954B676
SHA-256:	6BF471B9DFD9A901B5E173B1216F8C63B3AA5B561935D080DC03B6B6D18A8B7F
SHA-512:	DE9C15E50D7CB5D1C972C01FC3440584EF6F0347D5BCB4A85B6B0E44B75F76FD6268E8D435507203BDE8FC80275674AFF4FA7D3AC59B0E1DD31ED7902C73BEA9
Malicious:	false
Reputation:	low
Preview:	0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .N..P#/....."#.D.....1.A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo.......[.........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .....P#/....."#.D....1.A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo.......`.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.55488398169158
Encrypted:	false
SSDEEP:	6:mi9NqEYOFLvEkf1dXb8Be7Ywcr1TK6tjsl2i9NqEYOFLvEk4LlRl/o8Be7Ywcr1E:V9z/Lr9PQi9zY+9PQ+F
MD5:	88EB64599FE6E2BCA380FE28905318B3
SHA1:	0BBA167CFE59F2D6F4925215791E11BFA2DD0CCC
SHA-256:	5347E442B5C271851EEAF82A7539C82319FCCC2C3BC1BA0015591C5040571EB5
SHA-512:	ECB667CCEB1505A182A82898B2D53B6763B1DA9E9E9CCD00847BBD9DAEF44A11F4FAF440C7403CCE942A100E74F137532DBC142C58EA6342706F8B8BA34BB9AA
Malicious:	false
Reputation:	low
Preview:	0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ...r.P#/....."#.D(\|0..1.A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo......3AA.........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .9z.P#/....."#.D..8..1.A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo........tg........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	492
Entropy (8bit):	5.594527581976469
Encrypted:	false
SSDEEP:	12:DyeRVFAFjVFAFpxlUo6j1yeRVFAFjVFAFZlUo6jG:tB4v4pxSBLB4v4ZSB
MD5:	7503DE0009FBBF7C33F24509206E482C
SHA1:	0E2DE8F19BD9F3CE3E1408A091C012F008E66F30
SHA-256:	ABE95689744F46CDE08CFE920DD9A100B9B33CF2B4241684A590C9528172BFAC
SHA-512:	7877864C3F9710EDB7F4887E88C27B3508C7FE091415CFDE65B87E021123E5D404AD4DE74F816082439D441E933CB42FDD46BD0DC615C938138F02B141F3715B
Malicious:	false
Reputation:	low
Preview:	0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..2.P#/....."#.D.x...1.A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo.......O_T........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..D..P#/....."#.D.....1.A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo......x.1.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.669373736584535
Encrypted:	false
SSDEEP:	6:mNtVYOFLvEWdFCi5Rs27fR0iWulHyA1TK6tzlt:IbRkiDlWussF
MD5:	EA43EE9A45AFF6BBD94CAE59718D35B6
SHA1:	3565F996DD246B2C16833AF65B4435A92F07014E
SHA-256:	FD539251AB6CE5142CF0E91EFCCBF3E5262A651B20F29C238C01F9003ED939BA
SHA-512:	00A70006DE207739C463E6A1A6C11CD26ECCA16AEB12E099E05CFE27A2F168246A58F096497DDF5B570FAA8FAC710CB6B233168DFDE76DE7987C5DC284F4F597
Malicious:	false
Reputation:	low
Preview:	0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js .Rv.P#/....."#.D..)..1.A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo.......~..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.577040715857873
Encrypted:	false
SSDEEP:	6:m+yiXYOFLvEWd7VIGXVuAml/JQRVyh9PT41TK6tde+yiXYOFLvEWd7VIGXVucut3:pyixRumshYV41TExyixRuiuGYV41TE
MD5:	E835033C1BD04FE6C70A1A43579E5F21
SHA1:	064FEE30854C091BA2FC3849CA113C4A7D14324E
SHA-256:	2B461CE3D27BA19A0B7180C65104385CDAD005001163B35B53D96B0903E13461
SHA-512:	16C7401240A1BF13A717EE4EF4092A744C6E17025D1E82C011D9F4CA1CB10F7994A1DC8DF8EEDA44C1ED209405AF52CAEC8019F71FE9EDFF81BB3CB88902FCA4
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js .@..P#/....."#.D....1.Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo......2...........0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js .....P#/....."#.Dj4...1.Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo.........V........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.665121791375181
Encrypted:	false
SSDEEP:	6:mvYOFLvEWdhwjQxfG+txivLZIl6P41TK6t1vYOFLvEWdhwjQR4XCyhLZIl6P41TB:0Rhkmu+GLZCdRhkGPGLZC
MD5:	4BE5CF66E375057DCBCD62A03223E803
SHA1:	01DCF56D2E1A3952A1D469501DB21A13CF855359
SHA-256:	47D5308D943FF4D45CB45D2127C61F46D17F2ADA26EA8470BB24634CA95E00A1
SHA-512:	729E4822E4189DEAC3202B64B8C4A4A77FBA1DA4E64569B93FDD76E22086094B8B9DF5AC187CA287DDE827CF645FA6FC3644025D4F1B483F1AE3908F50BE0D15
Malicious:	false
Reputation:	low
Preview:	0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ...P#/....."#.D.....1.A.].>....uUf..N...k......c..l.A..Eo...................A..Eo.........#........0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ....P#/....."#.D.B...1.A.].>....uUf..N...k......c..l.A..Eo...................A..Eo......']..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.5289970594767635
Encrypted:	false
SSDEEP:	6:mJYOFLvEWdGQRQOdQrtrZV6g1TK6tJ2JYOFLvEWdGQRQOdQ0MqskIV6g1TK6t5N:2RHRQC4HV1CRHRQCLMvV1
MD5:	0D0E2B6A97FEEFB257E1AC83F371FF2A
SHA1:	17503921972A506E2D91782DD8D405E7320382F8
SHA-256:	4C3F33BBF9DBEE4D74F23590387B76380A85EE3A47C92A4190E728336C5E3934
SHA-512:	6084823F1EE70A4DE6F15D2A1CC8282DCA5CDED982CA69DF008ADA43232300D1CA75680AADE194F25556B84A9CDBCC90088CDC54150963955C03F4A04901A93A
Malicious:	false
Reputation:	low
Preview:	0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js .k8.P#/....."#.D1....1.A..c..y/L....\|y.n..C/I.....X7-ne.A..Eo...................A..Eo..................0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js .....P#/....."#.D#....1.A..c..y/L....\|y.n..C/I.....X7-ne.A..Eo...................A..Eo......--o.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.552318974968686
Encrypted:	false
SSDEEP:	6:mOYOFLvECMLO/dX2U9GLMuR/41TK6tXEOYOFLvECMLhD/wOcmeMuR/41TK6t:Z5Mi/dGU9eMuR/El5MNcz1MuR/E
MD5:	9D9B6D1809D8BE50BF383060401016DB
SHA1:	D6AE1F9D0E5906EE6E4D58632C3C7E6E4F020208
SHA-256:	D6220E6650207B9D9B729242E30EBA6A701B7A3F4A6E5960C60F74EECB6D562D
SHA-512:	B5C4E74FAB1FF2D0E7E36B5EA89C2B594DE574CA19DC942EBF59E1DD7D64C49BFA3103CC52634E39060109923DE47A57005720249B943A2BB7AEB699D28FBBD9
Malicious:	false
Reputation:	low
Preview:	0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .x.r.P#/....."#.D..0..1.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......]...........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ...P#/....."#.D.k9..1.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......Q1o.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	428
Entropy (8bit):	5.54483402338966
Encrypted:	false
SSDEEP:	6:m4fPYOFLvEWdtuLF1tw3by0zBUKSAA1TK6tI4fPYOFLvEWdturcKyZ3by0zBUKS5:pReF1e3behR+oZ3be
MD5:	1B086EB122C3DC383BB9BBBF75C6EE06
SHA1:	757B3FD01F843D7BA58242E388AA7BF55D8AB063
SHA-256:	F50DF8C0FB9B0281A87029A6F5AEC72462513FC72AE9D6DCB12DCC21FC5B4321
SHA-512:	B9C2CD803B0C78866993273F524BAED56B90400BB5F5B9434B4941E06C753978685BECEB931A01302B5D9F7727FBFBF570FA694AB9460B9772C3DEF8293C4E55
Malicious:	false
Reputation:	low
Preview:	0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js ..3.P#/....."#.Da3...1.AQ..E.=....=h`t..t..3%A.F$..w..A..Eo...................A..Eo......>..g........0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js .....P#/....."#.D.....1.AQ..E.=....=h`t..t..3%A.F$..w..A..Eo...................A..Eo......YT.f........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	354
Entropy (8bit):	5.501704775694964
Encrypted:	false
SSDEEP:	6:md4HXXYOFLvEjMSWFvntrttUdyP41TK6t5898d4HXXYOFLvEjMSWFvaDl/0wttUX:KkXxKMSCvdttUlT3kXxKMSCvaLttUl
MD5:	6D23A064DA67149B1E9CE8C3824E2A63
SHA1:	50CA8BE988678AE56A72B5FB785DB17294764070
SHA-256:	1B72424DADD370A5B3768C1DAD3670A626A7837E1AA5B795465118F037D1CF0D
SHA-512:	29A6234285346A472BFA60914208E372BDDB5C838C83C9BB9325EA3F09B6B231CC230B38E09C732981119F86B80B245452C8FB0A36F8484042BCDD2FCC1E2E5F
Malicious:	false
Reputation:	low
Preview:	0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .m.r.P#/....."#.D..0..1.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo..................0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .g\|.P#/....."#.Df/9..1.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo......f...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	374
Entropy (8bit):	5.6117023126821675
Encrypted:	false
SSDEEP:	6:mkl9YOFLvEWsfOLHtiUPyyM+VY1TK6tvkl9YOFLvEWsfOLEjD/3TaPyyM+VY1TKJ:5h6OLIWfkeh6OLEjDwfkY
MD5:	1E049526D7B658098DBA86ADDAAF5F52
SHA1:	63B4EF0E93B655632F62AAAEEA197665F2669D27
SHA-256:	E10BEAE2773CE68853790D31ADC43CCC4D2DADB10F11917CBCDD6D3D8728F6C7
SHA-512:	8A55D44B038CAB1EE9B60E1349E24E2B86C71B7C315FD52C23A13A895888AC6698A3BBD3101CB4016919271C44C61C967E77AA7C606E65035E34F8C86B983C68
Malicious:	false
Reputation:	low
Preview:	0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .L...P#/....."#.D....1.A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo..................0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .....P#/....."#.D.Qg..1.A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo......]..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	488
Entropy (8bit):	5.596933976676174
Encrypted:	false
SSDEEP:	12:URVFAFjVFAFasJGYwSeKaTLnHRVFAFjVFAFnR+wSeKaTLn:UB4v4as5wzXLnHB4v4nUwzXLn
MD5:	BD3794D59D23812D2E381E68B2969D76
SHA1:	069EA7F80F45EFB5CE257576A9869BF4A5099AEE
SHA-256:	89E9AE5EE99D8D047DCFD133896626104B76C97A213786B4847563A42EC0E5A8
SHA-512:	F4B22E4C402FC33E98BDD050193537618D719EE73FC68DE853874F3F3E77D6107B000E0757EA4D16036A422BCF12711FBD70C7E20231B4CF2DA249052B9189C0
Malicious:	false
Reputation:	low
Preview:	0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .k..P#/....."#.D.s...1.A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo.......Tin........0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .0...P#/....."#.D....1.A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.55392238695401
Encrypted:	false
SSDEEP:	6:ms2VYOFLvEWdvBIEGdeXu3vl/UY5kY11TK6tnY2s2VYOFLvEWdvBIEGdeXujKdXA:BsR2EseAvlsY5kGNWsR2EsegKdQ
MD5:	E486E59C87FAAD5764D66429D294E0DE
SHA1:	C073EF61C638B0DFF0EDDD1D3AAFF4DAAC5B8571
SHA-256:	1EAFE7EAC0D1215F6FF8A81BE429063F46943AAB59A7D65DD61325BBB85CDC2E
SHA-512:	03832F25EC9C919FBE6E376BFF3ABBD7937FDC74759455B7D63E926C8FB864EBB9511750A1FF5E9498B2D758ED6EF9DAA2A2628A9102F1FC2361585CA7AB69DE
Malicious:	false
Reputation:	low
Preview:	0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ..S.P#/....."#.D.=...1.A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo......5...........0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ..^..P#/....."#.D.....1.A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	404
Entropy (8bit):	5.706772783692442
Encrypted:	false
SSDEEP:	6:maVYOFLvEWdwAPCQJtnCaoB7OhKlvA1TK6tuEaVYOFLvEWdwAPCQh7aVoB7OhKlI:RbR16fBJkYbR16ToBJkTl
MD5:	126DB357E8421C907BA99E6BA07B1050
SHA1:	E28AB6EF61213340ED9428D0B2F4A0D2D2F56533
SHA-256:	7B36F4817C9041B9E711C0F7A490320E2D5F0AB0EAA4C31ADD0728F173790F07
SHA-512:	EA22C10613731B323301268482508E221C41B68BB136419F58369236D01A89802754AAEED2A918A655C57E8F09042C8273BADE8BB7FC00CA502C565BD79FC908
Malicious:	false
Reputation:	low
Preview:	0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js .&..P#/....."#.D7....1.A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo........Lz........0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js .b...P#/....."#.D.....1.A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo.......R..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.6489902112757475
Encrypted:	false
SSDEEP:	6:ms2gEYOFLvEWdGQRQVuC/v0QdFt1TK6tFXr98s2gEYOFLvEWdGQRQVuWeqNQdFt5:B2geRHRQnX00T79r2geRHRQ9N0
MD5:	F2971703B7F4FBF73733B38DC5455EBE
SHA1:	499503B56704790ACDCA33F739FFBC171EB88988
SHA-256:	98D1C1A196B9EA9E8E7BC03C1031B6F6488050EE35226B4330CCE149852A1F63
SHA-512:	E7855B371AD61E11339700511E39D760872125734AB80584B1484B4DF6C7B44E6506946EB632EC39296CA48C314362A307F9669047234D7F819E9317BF6544EB
Malicious:	false
Reputation:	low
Preview:	0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ..O.P#/....."#.D.....1.A@..{o]...9o\|..qY....T....{..u.b..A..Eo...................A..Eo......M...........0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js .MS..P#/....."#.D.....1.A@..{o]...9o\|..qY....T....{..u.b..A..Eo...................A..Eo.......6(.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	412
Entropy (8bit):	5.643436474032497
Encrypted:	false
SSDEEP:	6:mzyEYOFLvEWdrIOQfovl/tt1S/1TK6tOzyEYOFLvEWdrIOQrdtout1S/1TK6t0:WyeRlBlFt1wYyeRlaKut1w
MD5:	EFFCFF6B6603D95A63F4E06C7A1D03D5
SHA1:	DC294A33EF6C7E1D6B268DE16DC472D073296B70
SHA-256:	FF0898B92967390F9B2554E92CE4FB9370B755431DDF6070F6A0B335B5A7892F
SHA-512:	E5BCC650903E61FA0F947274B36CFC9431FBB717E5EF24E41F6E46B09A6F2D2C6EBBA3A4415ECB08264089EEE38D4044E5E5839C5FB2FAB662B01B8826EB4C3E
Malicious:	false
Reputation:	low
Preview:	0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .....P#/....."#.D...1.A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo..................0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .c...P#/....."#.D..q..1.A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	436
Entropy (8bit):	5.587767754904563
Encrypted:	false
SSDEEP:	6:mnYOFLvEWdhwyuViFPqwK+41TK6tYenYOFLvEWdhwyu0SjU9IqwK+41TK6t:wRhRCwK+ENRhOU9hwK+E
MD5:	CF915963F383FC4195889A93471DF8B8
SHA1:	7C2C19A3D3AAF3DFF817566737F06332F05CCB2A
SHA-256:	C2C3DA31AF1F60A471B4B7BF6261CD6F89D9F7C82EFD81C9259A98E4DB82D21E
SHA-512:	47D2F6264123A5C71C0B3359F8586A6B22CEEA3EFB1F3DC5E09E82A3C31E71FC29B6267548CB96154EB78395207E2CC031652105CE03FB2B5A33C7BCDDB71193
Malicious:	false
Reputation:	low
Preview:	0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js .....P#/....."#.D.....1.A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo......*AEs........0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js .....P#/....."#.D....1.A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo.......w.B........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	460
Entropy (8bit):	5.58117055453497
Encrypted:	false
SSDEEP:	6:mYXYOFLvEWdrROk/RJbuTg/ufO441TK6tCYXYOFLvEWdrROk/RJbu+PXcOU5k2Xx:/RrROk/cgmfLEtRrROk/47EfLE
MD5:	9BC4282B9B7C6169B4056ED55D39F57A
SHA1:	110802AB14062B1D4DD9EDA15BFDC4D81B8F09A4
SHA-256:	48FB6A57AC4723186E4BDA2BC5F04D2290E8A7A2C44536FFC23E3C2B3F2098D6
SHA-512:	14FB4E08B1ED1D9F510D473833699DA09AC787239E58BC219FC9AD43E2F3630205D54FD73D7AEA964361233F8E2E9EE08C7315A2C4697560AB4A0210EDC3B4D6
Malicious:	false
Reputation:	low
Preview:	0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .....P#/....."#.DxG...1.A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......."Ho........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .....P#/....."#.D.kq..1.A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......1j4\........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.613620395993253
Encrypted:	false
SSDEEP:	6:mmDEYOFLvEWXI0kB1QPLr1TK6tiMmDEYOFLvEWXIK/4J41QPLr1TK6tC:xqTcCPLncjqT7AJ4CPLn
MD5:	463FE2B035CD2162C662552F0C7B8734
SHA1:	BA9EF8FDD44F0DF6F8CF77FC2027171B0537C6E4
SHA-256:	A6005B29C8FC1C34623A0822BF1F7C7B6711AEC6B7FEAF67C1343ABFF0B15A84
SHA-512:	0A3DF7DAEEBDB968649E21191F23612173D06007EAD75BF07D270EAA20B774087F0D499A8A4853B2FD1BD5C16A0E8839FF99F467C08F863A39F2A56CAE088D3D
Malicious:	false
Reputation:	low
Preview:	0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .....P#/....."#.D#....1.A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......+J..........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .6...P#/....."#.D.Fg..1.A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......H..!........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	414
Entropy (8bit):	5.655833566262272
Encrypted:	false
SSDEEP:	6:m52YOFLvEWdMAuas/zZsEJ41TK6t952YOFLvEWdMAu36tI+iUAsEJ41TK6tM7:zRMtbZsD+RM16ezsDm
MD5:	BE8C7828FE1800DE6C8A75696CE2A31E
SHA1:	F508AFA01810E3C5CE4ABE5B4E2550C1B8C87CD9
SHA-256:	F4305B09D7E7E3167B9F7A879DE66EC23B080E820189BBF7892ABFAD01E373BD
SHA-512:	159050F3B7934AC1499B4EBFB662C7249A131B2710FC49D63059990DB9AE06F878D3783EB817171CF109976797D9A44A5D3615E7BD4384A9323C18246D27C1A8
Malicious:	false
Reputation:	low
Preview:	0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..z.P#/....."#.DV~...1.A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo......-U..........0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .....P#/....."#.D....1.A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo.......].\|........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.633084014516859
Encrypted:	false
SSDEEP:	6:mYilPYOFLvEWd8CAdAu1Z/+ySFong1TK6tBZFEYilPYOFLvEWd8CAdAutw1dXMJW:6lJRk2ySFoMXZilJRortzSFoMR
MD5:	075246DB1A106EA61A98E35947129266
SHA1:	35B01AC4261EBA27CE1D23030C6205253CE41228
SHA-256:	0FECB930E75417BE52A8394BBA811B2012C00B768427B6CE05F5D8E5D9CFD6C8
SHA-512:	4126C8B5810448232911AA2362CF2D71BC2239C5D79C99DBECDD707A15C5E03479BC371DA224A01D27B91223628098E6BCB238FF21AD59E6E8B204607979E6FA
Malicious:	false
Reputation:	low
Preview:	0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .:}.P#/....."#.D.....1.Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo.........F........0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .....P#/....."#.D.....1.Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo......IC.8........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	5.612550172827074
Encrypted:	false
SSDEEP:	6:mY8nYOFLvEWdrROk/IuAGa/Ze16wG1TK6tHY8nYOFLvEWdrROk/Iu0a/naySe162:F8hRrROk/Jaxe2u8hRrROk/NYe2
MD5:	8C058144DBFF4137AF23BD0AB1B47108
SHA1:	08601642A3D85D3FFD016D3B5FEE5C12F6DE39A4
SHA-256:	2EB13B374FD363C6CE8DBA838FB42AF7C0480CEC1A3FB988846E29BB92B938E1
SHA-512:	2D873459831721DCC4482FE3D2FC7A7F7EFB1ECC7D6585A3F1D1A2616079AD7755F9050AA3B367F4CA8F082D1CE1E5BC28C46267D97E21A8CB3F271EDC499CE2
Malicious:	false
Reputation:	low
Preview:	0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js .....P#/....."#.D.~...1.A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.................0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js .5...P#/....."#.D.Gq..1.A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.........m........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	426
Entropy (8bit):	5.693967762463333
Encrypted:	false
SSDEEP:	6:mLrnYOFLvEWdrIoJUQA/ZPKrNJIi1TK6txTeLrnYOFLvEWdrIoJUQS1ntJXYKrN3:ehRcVBirNJICnTGhRcV1XRrNJIC
MD5:	B397869CB2BEB4325FE8C8178E1EFF47
SHA1:	867324578DB54DB4B368D8EC6A58B96E4ADDD629
SHA-256:	17C96CE03D1C777F165B0753A8696B6AD20C93928D74422E88489E514C2DC623
SHA-512:	E299B0DCA29E8AFAD7781533EEC13BF63E5137565CB8AB5F9EC3933A7968ECB7590EE3D5F622A4A1DFBB07F6FECD5D285F93695552C9327B094E881B169760E8
Malicious:	false
Reputation:	low
Preview:	0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ....P#/....."#.D....1.A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo..................0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .....P#/....."#.DQ.q..1.A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo....../..[........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	5.5790941836840755
Encrypted:	false
SSDEEP:	6:mOEYOFLvEWdrIhuWu/BmLzgm2d/1TK6tROEYOFLvEWdrIhuID/SobLzgm2d/1TK6:0RDaRepRmDjRepH
MD5:	9A9CA8E6855E30EA951198DF00C5A450
SHA1:	5B8EC66650230A6CAA1CBFBA657DAA03BB1AA7DA
SHA-256:	A5A085B729B40A5C16D77DD3E0E3F536C4B4E2ECA2B979A8F10357ECDF445494
SHA-512:	58E17804D9E5C1BE698E3B65675DB9BAA73B40361B3430DF20092617DB87E9A8084A474B050E03807A0132CD33FC32A5B8F7BB7C273785EABF16E6127B59BE58
Malicious:	false
Reputation:	low
Preview:	0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .Cr..P#/....."#.Dr....1.AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo.......%..........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ....P#/....."#.D@.q..1.AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo......E...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	376
Entropy (8bit):	5.602065548872679
Encrypted:	false
SSDEEP:	6:mAElVYOFLvEW1KW/Dkx56uvp1TK6tbAElVYOFLvEW1KpUlLXoRSkx56uvp1TK6t9:6JJKW0xJJKpUlL4RB
MD5:	A8E1B122DBC0CBECD7199674182953FF
SHA1:	529808DECD885319E448C1ABA42707CE6436F29E
SHA-256:	EF74EEAE6A1228A72FD376978F33E2C9339338CF9943909518D8C40A9768927B
SHA-512:	C10FC3E0CFE1C3EA9D48DA441629D23E555C4C98A6034DA768263591AD1171060D0F58EAB5D35A86BBC4252E2C9331FB96E0A9EF634FE061EF3A0D61EA95B6D4
Malicious:	false
Reputation:	low
Preview:	0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .?Ru.P#/....."#.Dj.D..1.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.......y..........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .T..P#/....."#.D..L..1.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo......m.q........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	428
Entropy (8bit):	5.667975495858083
Encrypted:	false
SSDEEP:	6:mWYOFLvEWdBJvvuX/SrhUDLYtmOZn1TK6tsWYOFLvEWdBJvvue8ttkkrhUDLYtmp:xRBJQXDcFZLZRBJpkeDcFZL
MD5:	5FCA21D8B1CD75FAFBF7D24593BA0B5A
SHA1:	00A3F2FAA049A93B31D45DC475E006CFFDC1AE07
SHA-256:	85F705C7E6FFE2CB1EFC6ED05AC2A8DD9FF9A617B9ABAA4A6098D6C9225AD8FF
SHA-512:	66A43CD8E46B1C7A8E135CBFD2F5C56E7A79BA5B4C2EBD7714170B85666072686FCC443866101D3FC5A503F62663E0503D4E5AAE6FAD6BE7423395DDF79A5DB2
Malicious:	false
Reputation:	low
Preview:	0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js .}x.P#/....."#.D.V...1.A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo......../.........0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js .....P#/....."#.D.....1.A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo.......J.$........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.585548924709367
Encrypted:	false
SSDEEP:	6:msRPYOFLvEWIa7zp7EntvOEVPu1TK6tGMsRPYOFLvEWIa7zp7W/WdVPu1TK6tN:BPHunncyPHrcz
MD5:	D42B32401350B4CF8D789E5009683540
SHA1:	60963FE85A01698EAF5FCE88E533FAF3F5BB9CED
SHA-256:	FB64A9E0A77A47888B24BE739611BEA6F95EBA289F600E1E8E27DA64DA6ED088
SHA-512:	718A267FC8B487A832DB0276AA61BC8FB79C9B660F25F8EB5BED7E2D578132166BACD6DA3357C23FB651B4BFF3EF9E8A94932538508D2F37B5B86C13653D3E87
Malicious:	false
Reputation:	low
Preview:	0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ...r.P#/....."#.D..0..1.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo......b..........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ....P#/....."#.D..9..1.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo......[m6.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	5.619900621198067
Encrypted:	false
SSDEEP:	6:mKPYOFLvEWdENU9Qg1tfqDiM3Y1TK6teEKPYOFLvEWdENU9QZ7fcDiM3Y1TK6t:bJRT9H1Ur0oJRT9ycDr0
MD5:	220C8A4421C8E46118C2712708C74B40
SHA1:	33BBA44102DE5A91FE03FE6494B4B400890AB898
SHA-256:	333FD06B9EC30CFBC2D85024FE4FFC84F897508E28B849B982045209A4680BAD
SHA-512:	6B7F22C7C261FE1DF2ED49B6CB585BF894F182FAC4463A584A47E4A447CF11FE21313540988CE40CDBA8DD4B6CDF62220CCF0AB6076E39C171E5DFB60C53CB6A
Malicious:	false
Reputation:	low
Preview:	0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ....P#/....."#.D2q...1.A...M....m+lS..e.....<7.U.P8.0K.A..Eo...................A..Eo.........0........0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js .....P#/....."#.D.....1.A...M....m+lS..e.....<7.U.P8.0K.A..Eo...................A..Eo......V<..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	5.660594820461096
Encrypted:	false
SSDEEP:	6:mQt6EYOFLvEWdccAHQ5ltmUMIjBRCh/41TK6tEQt6EYOFLvEWdccAHQjPIjBRChG:XRc9KlYUMIDi/ErRc9IIDi/E9
MD5:	5FF1EC1592A39978D9CB0352FB548406
SHA1:	FCC5F38BC038BDB3536C4760B01B316872D0B6C2
SHA-256:	B18C2F922CD87A921977EAAD00C50691BFADC78F9FE6D08839475F302A4BF8F6
SHA-512:	E1EA1E7623BC95B8180BBBAB08397DBCAC3FD28045CEA1A1A956A1FC87997842CD61936C595D7AE783F43CCAB4B8BB9DB5C14F525C836FC11A5C24E2B38028E2
Malicious:	false
Reputation:	low
Preview:	0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ..6.P#/....."#.D9C...1.APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo......,...........0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js .....P#/....."#.D.>...1.APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo.......M..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.5705488532860885
Encrypted:	false
SSDEEP:	6:mqs6XYOFLvEWdFCi5mhufKXzFkk+ULlF4r1TK6t:bs6xRkiwRDLlF4n
MD5:	545EAE2F8BB089011FD4C6ED300B355A
SHA1:	B3FA77D4D92DF0987E913469D9492A576ED483AB
SHA-256:	CE255270D129C19330805FA71AB67EC0B6237CF4498A6A4385A026F265D0600C
SHA-512:	7A30795318E7833051E8EAE85A36208A83DE43201DE1475A9DB41D40AF60502A147D69DAA3444E13B054AFF2A0F37B60E7F21AEB897376B93968B01577385F4D
Malicious:	false
Reputation:	low
Preview:	0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ....P#/....."#.D.@...1.A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo......XrR2........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.577139785493878
Encrypted:	false
SSDEEP:	6:mhYOFLvEWd/aFuYtQuKh941TK6tpUhYOFLvEWd/aFuyQ5k941TK6tXf:WRTb9EDQR75k9ER
MD5:	7A9357E11A597592C5460E45D9634CF8
SHA1:	9C1AFF6632E2F19DA8E530586EE70708A640C560
SHA-256:	873F4E6A737DA1646DACAE0913F4D67C4547BB1EC1CA4CC22407A549576A1380
SHA-512:	780C5C6652BF9EABA8B82D3ED86B929A04251D221A324A42F7818ACEA8D7236D0818CC2F8A46E7E3B0984E24DA57B0A53F925986EDACC61B0BFB56596C2E1363
Malicious:	false
Reputation:	low
Preview:	0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js ..M.P#/....."#.D.....1.A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo......7.'.........0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js .....P#/....."#.D.....1.A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo......`?..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	5.562799381653445
Encrypted:	false
SSDEEP:	6:mR9YOFLvEWd7VIGXOdQxm12oBMqVd3G4K41TK6t8XMR9YOFLvEWd7VIGXOdQDnZs:2DRuRikpB9Vd2kKXIDRuRvB9Vd2k
MD5:	F022A0EFCCA606F22DABC9BFBD77B120
SHA1:	3D3BC0F6FD6F0E142A8CC1CD7147BB0B5C922E22
SHA-256:	F10A26E1C3F0B3532FB2037742391CFD3C53B24DFDB92A0EC235CC9D4A9A086A
SHA-512:	81FF3D01A90052A7DFADD156587E722753CC769C0724971527787CAA231BA0DF39EC882622D192D0EF9C88B68C415941832FB8D6F3D79BBF3AABBA0446F53DD7
Malicious:	false
Reputation:	low
Preview:	0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js ....P#/....."#.D.....1.A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo......6.8.........0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js .%o..P#/....."#.D.]...1.A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	5.608128232459311
Encrypted:	false
SSDEEP:	6:mkqYOFLvEWd8CAd9QX7qNuA424r1TK6tyHekqYOFLvEWd8CAd9Qt6toNuA424r1D:+RQN8rn82RQe6i8rn
MD5:	E2FF50DA7B0A3BAC90BB492430924B3F
SHA1:	AAD0198ADC5CEFE7F3BAAC59CAC21A13BD1B3D4E
SHA-256:	497677604D4F1CAF90CA21CB17E74279797D6228ADDA8F7A65524BB3BBD98960
SHA-512:	1078BD8B45EA5082EC2C292F6FC7AAA24ACC46703184D2BD32DF19776EDEB00ED161805E2C594251A27FB8EE87EA5910C0B148E6F695F08FAF21964610D15EF8
Malicious:	false
Reputation:	low
Preview:	0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .(..P#/....."#.D=d...1.A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo........x........0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ..]..P#/....."#.D.....1.A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo......=..&........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.565221433920436
Encrypted:	false
SSDEEP:	6:moXXYOFLvEWdENUAuz6dyC8n1TK6tSeoXXYOFLvEWdENUAuceIyC8n1TK6tR:xhRTK7QEZhRT47QL
MD5:	2CD7DC451E31A66014FF8AA92DA93976
SHA1:	B29F502150E4B9D0B27443C343F5F30A179A9424
SHA-256:	3899A39D9DFA176FA0D3BE7A51D41A11F2F2D227AB07E8F5733F80C144B87857
SHA-512:	5305AFD0D2E88D8153A0B6F86CF7369F1A4480FCA61F7E16D1C9FB3ED6A8090EAAF4CC1F2874927C240203583613B26BE18A5E47B0879EEAE64C733B3D7D39B6
Malicious:	false
Reputation:	low
Preview:	0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js .j...P#/....."#.D.q...1.A8.../...;.\\o....1..........+..A..Eo...................A..Eo......+..t........0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js .^...P#/....."#.DD....1.A8.../...;.\\o....1..........+..A..Eo...................A..Eo........!.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	442
Entropy (8bit):	5.65116253488703
Encrypted:	false
SSDEEP:	6:mQZYOFLvEWdrROk/VQXrlRl/6lLmB41TK6t5MQZYOFLvEWdrROk/VQCM6LmB41T9:nRrROk/VCfmTlRrROk/VkTm
MD5:	37A3424D2323A2F5ED2752C713331AE2
SHA1:	31634157CA73E6BBC4CC432E9EE2A4F9B65B0195
SHA-256:	606C2C7656145ECF5033225F5C613B116B76E47C2D0CF51AA9EEFAA6D6BFEA2F
SHA-512:	1D0CD71160228138D41150780CB9A0E766DEE9851FF6399B13CA19FA17267E6813C6C755DDD9D0B053F3B3CE4B3C99FC21DE3A0A701E2508CCF4D64C19570E13
Malicious:	false
Reputation:	low
Preview:	0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .....P#/....."#.D.....1.A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo......4...........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .....P#/....."#.D..q..1.A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.5917761355630775
Encrypted:	false
SSDEEP:	6:mZ/lXYOFLvEWdccAWudR/8SAdm9741TK6tAZ/lXYOFLvEWdccAWu+uMAdm9741Ts:qxRc5ESAdu7ESxRcKAdu7ES
MD5:	8C940B08E1DB0C0BC900BDA9627E1A20
SHA1:	F9545038ADD283BB44FB001731DD1DB7A96BFEFE
SHA-256:	2BC9DE5EA2D2A67DFD4745F9F685AD94F06D7FE9702386242A398FEDDBCD903A
SHA-512:	66F9E4E44037769B8FCB4ACB0F8270B72775AEAC0D732AEE464E7643A32ED4D9E36830FD8B74B3500F0B1D7AA54AA2784F37AC54C7C9913D938C96A7F093B548
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ..5.P#/....."#.D....1.A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo.......YA.........0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js .1G..P#/....."#.D....1.A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo......@...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.572597928034251
Encrypted:	false
SSDEEP:	6:mMOYOFLvEWdwAPVuaXUJn1TK6t58MOYOFLvEWdwAPVu4al7hamHJn1TK6tO:2R1GLUR1jFmpLg
MD5:	5B179219290F6EB5FB27D0DCC825C4B0
SHA1:	DC6D825C42EA470571A6D74B200376E7DEFF7465
SHA-256:	F3A6DE304D904DDBE7056ED24456F276A6E88C171102234704C387D32525AED5
SHA-512:	185682AE4166C78F5F8013C10400C1BF7AED465AB6E88C8B45A88FA62651EA78B8709E8413365C49EB9EC818D198602BA88DE65AAF3D7C6AB15E733C930E11AE
Malicious:	false
Reputation:	low
Preview:	0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js .Q...P#/....."#.Dt....1.A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo.......y.:........0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js .t...P#/....."#.D.....1.A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	424
Entropy (8bit):	5.682346914117556
Encrypted:	false
SSDEEP:	6:m3PXYOFLvEWdBJvYQAKTzhcsBXIh1TK6tWc3PXYOFLvEWdBJvYQOq6zhcsBXIh1h:mxRBJQSDB00YxRBJQhtDB0v
MD5:	6D316CD50E1F701E43565AE771F75096
SHA1:	23F0FFF2FC275CCA3D1F63DEA2BEA35797A72864
SHA-256:	69AF99FF6601FEB62C4F31EF1B640E641C81134AB519B8ABA76B248E2F651288
SHA-512:	CB8DCA11B93F99D64FE9852D1FADD278DF3F2491E06C688AFB0060CF6EED363C18FC711DE793A7CD08ED224C6B82907CAE05FC9959BB3400860BA35B762DAB28
Malicious:	false
Reputation:	low
Preview:	0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ..:.P#/....."#.D.....1.A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo......b...........0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js .....P#/....."#.D)....1.A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo.......Q#.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	456
Entropy (8bit):	5.589226630589168
Encrypted:	false
SSDEEP:	6:msPYOFLvEWdrROk/RJUQtxRl/kG5lc3Me/1TK6tB98sPYOFLvEWdrROk/RJUQ5t2:3RrROk/seqG5lcv/RrROk/s8c
MD5:	98F1C2BA9A6655AEA9FF1A0E79807024
SHA1:	90CDF7812DB41988E4095F6A6EB8B468C48E0516
SHA-256:	44C57CAA3B706137F9FCC5BD4C2D12538EA282BAE581DE15E46883397BE8658D
SHA-512:	DFD7F97CF3791EB5A52F94999C2D46B30BD2B578F6092F4DDE68566FC6FCBB48A629577F9FCF32507A095C3B1C5818DD4EE2C1F84B05AD9C6678DADBF7FCB51D
Malicious:	false
Reputation:	low
Preview:	0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .....P#/....."#.D.....1.A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo......:...........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .:1..P#/....."#.Dd?r..1.A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	Maple help database
Category:	modified
Size (bytes):	1032
Entropy (8bit):	5.044483061117723
Encrypted:	false
SSDEEP:	24:0t6zHYFzwaKDkQYMWG9Mz0MsF8bFWtnKHzLwwDqr35LzYkuzLP6ecqtcJc3mFR:k6bYFzVKDkQYX4MzrsF8bFWtnKHzLwwU
MD5:	E3B04511347DA5F9E9E07090E3839832
SHA1:	987C49E92F495F856955CD7F60BC58FF5E5BC09C
SHA-256:	99D983B18F8F4D680BD198867C5FEC3348935B4B680EF08BD194F9FE98493752
SHA-512:	E7343556538967CF90D1C9B21EA6D6B5A922FAD9AE47C9A5E20D277E58849C201F71620233A69A89073F3B1FD78C7C42965592700ECD3B90AA5858B0367578F5
Malicious:	false
Reputation:	low
Preview:	....e#u.oy retne....)........T............3.......P#/..........v...q..@y..P#/..........C..M.....k...............#...(...k.............]...I..7.P#/.................7.P#/...........6<\|....7.P#/.........<...W..J.7.P#/..............oB.7.P#/...........a.....7.P#/...........;.y~A.@y..P#/...........P....V@y..P#/.........F..=z;.@y..P#/.............o.@y..P#/.............@y..P#/...........2q....@y..P#/.........Gy.'.h.@y..P#/.............k7A.@y..P#/.........:..N.A..@y..P#/..........;/.....P#/....................P#/............P[. q....P#/.........,+..._.#....P#/..........J..j.......P#/...................P#/..........o..k......P#/.........^.~..z.....P#/..........[.i..%.....P#/..........+.{..'....P#/............MV3......P#/..........@..x....P#/.........)....J:....P#/.........A?.2:......P#/..............q.....P#/..........&.S.......P#/..........u\]..q....P#/.........!...0.o....P#/.........+.U.!..V....P#/..........~.,.4>....P#/.............D.4.....P#/.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.23230591323487
Encrypted:	false
SSDEEP:	6:mwbKGyQRI+q2Pwkn2nKuAl9OmbnIFUtpDbKGy+NZmwPDbKGy+RVkwOwkn2nKuAlz:vyEdvYfHAahFUtpfyu/PfyC5JfHAaSJ
MD5:	55D05E417020E36E71B3021ED64B7E26
SHA1:	916BB461672039B6A7192EAD5B673B03CEB41016
SHA-256:	026BE53A00137F4639AC7166B76B102A00F8EFAC65C11E1A45D28735842138EA
SHA-512:	6C125F1A1282C2F1B68C81797A35E03C71A3A20AFFBA58DE328C8CE8191FA37ACBBCCE7D6D487EA91F0AC51CAAD72746A324754CFD7176CE2053013178A81526
Malicious:	false
Reputation:	low
Preview:	2021/06/14-15:56:05.808 1498 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2021/06/14-15:56:05.810 1498 Recovering log #3.2021/06/14-15:56:05.810 1498 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	786432
Entropy (8bit):	0.008050090959268128
Encrypted:	false
SSDEEP:	12:I+mmTsx+mmTsxlNTpyxHHyTpyxHHyTpyxHHyTpy:TmbsmbPXytHwytHwytHwy
MD5:	03B3B4BB0F979E273B32ECC52C9B0E01
SHA1:	D307CEFF6AC7E7D3E424C1A855C56168596AEF69
SHA-256:	299FDCED8539A4D45595DBB33856A5A4045215BFECDD3EB7206996390C48C643
SHA-512:	4927E9663FD9AB3DB4449C765F0A55D33DFB51029B3F129E8FD1625C0C5F5593F52E59F180A5A0D1FE49D13C16D84EF3875FAB580375CADB6C5A4CF7439EDA19
Malicious:	false
Reputation:	low
Preview:	VLnk.....?......).0k....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3024000
Category:	modified
Size (bytes):	24576
Entropy (8bit):	3.5941597828873175
Encrypted:	false
SSDEEP:	96:k49IVXEBodRBkGOqCgOVhZCPL49IVXEBodRBkYBOqCgO9hZCP749IVXEBodRBkJN:HedRB3gedRBlB0edRBs
MD5:	AD4356E19A0DF0A3AA2E43D6A0B8D1B0
SHA1:	8BE9CC45F7352A117FA8A616FA739A2E64528356
SHA-256:	DA9FC78BE1BFB6B07CC55F90321C240192E7E481ED977F3DFDB41F30C54179E1
SHA-512:	5F641BAFC2E850D0F15D1B4234AB6FA89C0590A737C96420B7AA2274F0CD1842664A46B230C7FFACEFDAF3D94ABDE400AA110BEA42B95A8D89AD0A89A677D331
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	26196
Entropy (8bit):	3.3849085607560734
Encrypted:	false
SSDEEP:	96:mCgOOhZCPe949IVXEBodRBktOqCgOVhZCPht49IVXEBodRBk0BOqCgO9hZCP3d4k:oiedRB0RSedRB1BzCedRBN
MD5:	5E62F9E5E1508035A336B5707D099E86
SHA1:	1FB89A51E002A95F7F51ED12D9062DBC58596D60
SHA-256:	86EF850A2B6CE1BB592B11BB5BEE2792249D8DD870834AFF560735F9C4B9F8AB
SHA-512:	61937AE4521434F0AF74C60B54BDED68D8695C11F19C23C275DC42E18A166237EA14C1F497D871B0B66166BED2D3213CB4C0BB2AFC7DBF68B948B1590C6C640A
Malicious:	false
Reputation:	low
Preview:	............b.gf..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................W....X.W.L...y.......~........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	63598
Entropy (8bit):	5.4331110334817385
Encrypted:	false
SSDEEP:	768:PCbGNFYGpiyVFiC0ZQ6CiERhHYkBdqQiNxC082xdfdtYyu:J0GpiyVFihxCiERhHxBQQ2HfdtK
MD5:	427D270448258C41F48A7C424664C0C5
SHA1:	304A2E7E071530BBE13ED8E307FE6EE9C84D4248
SHA-256:	161DD0CD55DFE835B92E64785E63E8BB608FCF017D0974CF24AA50EF2D70C37A
SHA-512:	58D37A7D88FD25684C3A9F65753D6208FB0998496CF7C3F6AD24041638B95526D48FCB6CEFD4469455B54822820363A282DCD8223E7D3354EAD884E6B17AE065
Malicious:	false
Reputation:	low
Preview:	4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{300A0064-CD18-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	33368
Entropy (8bit):	1.852606279420019
Encrypted:	false
SSDEEP:	192:rHYZ5ZZN02ovWBOtdrif3ogazM3SBNsDhSBoyt3gJj3:rHY5PNjoeBudM3R6kE/+
MD5:	A788E00C6A1122BEB0E63B91AFE22B24
SHA1:	13AC4280260A98A54143415B650CB37C73F4373B
SHA-256:	B8EE405244E04401EADB1DC7CB456061F623C428CB9444615C20E7695A06DBEE
SHA-512:	1BD11FB6DED548B17C1DE5BDDF2F8B02475D2A9EB27BBB41774046DDDB09DA4DDE109156EB8AD560492D157728356A8B02969430C060B757787BE69D56494936
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{300A0066-CD18-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	24416
Entropy (8bit):	1.6805046523404483
Encrypted:	false
SSDEEP:	48:IwFpGcprriGwpalG4pQhGrapbSAGQpBwGHHpcFTGUp8BGzYpmFbGop1Lfe+lQF+u:rFvZrKQ36xBSojf2HWvMH76pucpEg
MD5:	1921528C64BFB62FEAFEA9E5EB6D1D9E
SHA1:	1C30407B4D440B33E6E38F0FD603F87424F2510A
SHA-256:	982C21FEB9F41463523684D25BE763FB55174DA297BB9EF6B1D82A05476ECB3A
SHA-512:	347036D0AB838EF1AE5F02EB4BCCEA327BE647FDC71710564C28F35710CA38074DEA0C55C3710A0F3383355082B597EE06A8B29DCE28F4AF372EB35045F6C3D3
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{300A0067-CD18-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5642012100079672
Encrypted:	false
SSDEEP:	48:Iw+GcprHGwpaWG4pQSGrapbSfGQpKdG7HpRSTGIpG:riZRQm6UBSJA8TGA
MD5:	A011FCAC736235679937360F1CA19F1F
SHA1:	A59387E7D6D8B2818A2D8B703C27DB21209B7C2E
SHA-256:	EA418EFE4773428BEA0B7253577BCBAA82F85FD5D700CF0B3F06F357ED016E85
SHA-512:	8EC369CFD8D0D3655AE92857B7AA43BD0AC7E837DEBAFED56725348EAFCB0AB5A28A1CB3FC4DDA51C241F145F273A951CCD26B4023E2C71A9671D42EC920A1C3
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.100304363403191
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEsWFxLmWFxL1nWimI002EtM3MHdNMNxOEsWFxLmWFxL1nWimI00OYGI:2d6NxOpEmE1SZHKd6NxOpEmE1SZ7YLb
MD5:	866F8601C1BC65400E17A9986254C289
SHA1:	E1E7E8EDF5145471AFAF123817F483395B4A4533
SHA-256:	4C60D981EC1CF5AB8CED6A49B5A9B2C4EB6444817CA66F63D5E6A099EBE3504E
SHA-512:	57594AA4235076BD1EA2451576FA8BC9509F0F25B89A17CA86B2B34F9AF4A6DEAE0201F43B3FA998AE481F8980875B549F7CD913DA77CB33034E66BEB181B4DE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.107783474979306
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kswEiLmwEiL1nWimI002EtM3MHdNMNxe2kswEiLmwEiL1nWimI00Op:2d6NxrJgmg1SZHKd6NxrJgmg1SZ7Yzan
MD5:	827E80F3F3012B3C7A26C8EC2CD267A4
SHA1:	CF811E29079C632D052D54D30D19AF2150676244
SHA-256:	DF3EEB392BDA3B154579E12D6223486C41C32663230B252B5A8D62DB40E463F4
SHA-512:	C7E4F6260F0E01C344B38E773C347A1988F20B3284274CB488561DE289B60EA0D2D0191677156A4CE88FCC6802818F394645661368D5B07CC7F8A62C1CA082F4
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x087facc2,0x01d76125</date><accdate>0x087facc2,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x087facc2,0x01d76125</date><accdate>0x087facc2,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.1183309427741195
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLsWFxLmWFxL1nWimI002EtM3MHdNMNxvLsWFxLmWFxL1nWimI00OYG8:2d6NxvwEmE1SZHKd6NxvwEmE1SZ7Yjb
MD5:	2282D4E5BC9735E3EE0F569071C0985C
SHA1:	609B09A48B57EBD9AF3B4FBF32EDACDEBE8B3383
SHA-256:	680EAC423692D42BF8EE9B984AE6A5E869846D2D90BD5ACC4D37B185F669DCCA
SHA-512:	E160B78E85B0164103A0DB633AB3D4F7155D6533A7E67CB68572D6C712F23093FBEF7845D35D8954EDE23C225D5BA283A894E832FAE6778F661AE074748418CB
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.1158550634294855
Encrypted:	false
SSDEEP:	12:TMHdNMNxisWFxLmWFxL1nWimI002EtM3MHdNMNxisWFxLmWFxL1nWimI00OYGd5t:2d6Nx3EmE1SZHKd6Nx3EmE1SZ7YEjb
MD5:	3602C3292CD70AA68F45D9D0D0C588C6
SHA1:	8FBF9116CD89DF12CCEC2C050E5F1E2B2D9914A1
SHA-256:	3B2BF045E003026ADFA87A82FBAD4007F4A6D79FF04B4415E50C21482AB92E63
SHA-512:	07EF7AA3C6160CCAB9D4738EE834CB556CE9AC717AB11C29EBE4871A6E3BBFF4EF82C8FC260DABFADE731BE6C736AD4BA3145A7C5148544EB47ED8DF97BC5AA4
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.1346058165674515
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwsWFxLmWFxL1nWimI002EtM3MHdNMNxhGwsWFxLmWFxL1nWimI00O0:2d6NxQVEmE1SZHKd6NxQVEmE1SZ7YrKG
MD5:	60D905E776E22CF773D0B1F20B22BE4C
SHA1:	E13E7F873D911E6CFB7F2C614FAB792BED56BDFC
SHA-256:	9481709158DB7654DFF2CF8E8E16E9CEFFB9A3B538F30592F3419F2A53127827
SHA-512:	C92A9DF3104670F4A238B93308071D2496D1BED894DA77F9A67E818494DF0AC26E2F7D0C4CFA3EC003E201CC8742B256F1E96212694057444F98C2C77BC6F2BE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.10154553420553
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nsWFxLmWFxL1nWimI002EtM3MHdNMNx0nsWFxLmWFxL1nWimI00OYGn:2d6Nx0sEmE1SZHKd6Nx0sEmE1SZ7Ygb
MD5:	63AE4F44426CEE62FA592B75EDDDFFEC
SHA1:	6003FD47F30B97D5D66F9CC3D8DDADC2E84E08FA
SHA-256:	D6CE78B4808E41CB565C30ED4B0F6150DD8917BF8B48D1853002CD1BBC9BC7F0
SHA-512:	72F790E7FA78CDB64770993E8683628CC38D5C0B3E5CA41046C6A418956535624A9E22BDA47B28CEF8A8CDD2353222A79EAC724018EF44D3D3D870B878FDCD61
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.139939642730986
Encrypted:	false
SSDEEP:	12:TMHdNMNxxsWFxLmWFxL1nWimI002EtM3MHdNMNxxsWFxLmWFxL1nWimI00OYG6KW:2d6NxOEmE1SZHKd6NxOEmE1SZ7Yhb
MD5:	F1EAA8A2105024625C262604AAB03103
SHA1:	335CB0EFF2FE315128E18A6C5EC525D1BA228F20
SHA-256:	F717B3D72D67AD4BCE5DDA0030794D4C63C8673294233BFAF277D3B2FCF423BB
SHA-512:	44934CE073C7DFFB894D5A3249171969CBDB99F46401C93C1250BF56FA02B9D50A814179582C655B003EAD357246D6F74652A43C7BCFDEB7C51BE51A46AB876D
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.1193665940078175
Encrypted:	false
SSDEEP:	12:TMHdNMNxcsWFxLmWFxL1nWimI002EtM3MHdNMNxcsWFxLmWFxL1nWimI00OYGVEs:2d6NxhEmE1SZHKd6NxhEmE1SZ7Ykb
MD5:	AE5485223A3C3C00D3A988C6739FA065
SHA1:	1258569823D12085E3F7A879BB9E4834BF5D1260
SHA-256:	DEDB5A6D82F84F0D7D12A14C0D3EA9B07F84F2BBBFC9F98B3EB106301D641D71
SHA-512:	B1055B3A90FFDFD46A9CF5F3A6AA8B616D0A1544DF95EF80633A899C796430BEF51D94D9971CF6383F1FD9595463A1C4D02D7BE8795344AB8C22252684D2861C
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.101138895221944
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnsWFxLmWFxL1nWimI002EtM3MHdNMNxfnsWFxLmWFxL1nWimI00OYGq:2d6NxEEmE1SZHKd6NxEEmE1SZ7YLjb
MD5:	797D483979170978AA643BF491EED5FF
SHA1:	9C9DAACB9D37E70116784E9683B6203CE1DA7DA0
SHA-256:	CDB9535590651501DBDAD90EE61FC30EBC4C47702170828509EC5098A15F5B79
SHA-512:	E9195707E458698100BCDB5178416071D27008C6913BFFE5D50C4FAB37528668AB7C99F92024A49B43213D3C5C5B0BA535FFD23E7F7C250E6271FDDA16509757
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x0886d3af,0x01d76125</date><accdate>0x0886d3af,0x01d76125</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\COVID-19_Guidance_for_Food_Premises[1].pdf Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PDF document, version 1.7
Category:	dropped
Size (bytes):	193942
Entropy (8bit):	7.846252963383442
Encrypted:	false
SSDEEP:	3072:yoMJFNJHaDYl5DIkhesag0ZWUQ1UFu/7KPYSpWZYwHzbXmNPGePJt:yoMJXJ6mDIkhvt1UQ1PY7pGfXmJGoj
MD5:	7674DEC4F79434285A47253D4146FF70
SHA1:	E017959AC365160AD73F69CC2D62C9A890711A13
SHA-256:	108357BA94A609BCD1B6E7625F24A7705D4A2D2C52A0A53DF56207FEF6FDF2FA
SHA-512:	1E5FB52D3B29E7F03171F8C5931E246B85CC61E16FDB2823E107D5A375E9BC529DA8809D27CB39C6692E114237AF6FCD18BFE9C126500BDB9C9357846EFBCD37
Malicious:	false
Reputation:	low
Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 74 0 R/MarkInfo<</Marked true>>/Metadata 528 0 R/ViewerPreferences 529 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 5/Kids[ 3 0 R 30 0 R 32 0 R 47 0 R 52 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 16 0 R/F4 19 0 R/F5 21 0 R/F6 26 0 R/F7 28 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image11 11 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/Annots[ 13 0 R 14 0 R 15 0 R 18 0 R] /MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 4376>>..stream..x..][s...~w.....X..H#i+...gS..f..<$y.A... ....t........*........Q._....t.p~....b......u>...z5..?...4]L.....f..~..Q6..'.....g...?....hx............>?.\|'.!<?p.o.....;......B..s.......q....S\}z.~...c.A.p/.../...`6.k.+..g/.........- .~~v..q.QH.U.....x......'.q..\|..h.....wR.........A?y..&..

C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R8wtubp_1m2pv24_5d8.tmp Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	7.999471612377831
Encrypted:	true
SSDEEP:	6144:Sp70ZTGleMxEF4hLzPf4AvlbNDwvOl6ZHn+WjwhDqyT4UNDqy6NsPuugVJkPPjX7:SpxleMxEK/PzNBDgK6Qx34kDyNwuXIPf
MD5:	2677B86305FC1561D0BEB292AAA74C6D
SHA1:	5123ED01E396FBC0A058F6595094BEC5CE565C31
SHA-256:	4CF4F9D59EA451A921DA8EE0612CD785BF00F35B906BB779E89C09815CB22234
SHA-512:	0C3D4CA3E4FF1F80BF871174DC5967D004FB37C5AC3E0AF9DA02D67EC6482417A5A006F8F494BA9BFF7736FF0576EEAFE89A9A25E31A3838797B32DCF22CFE65
Malicious:	false
Reputation:	low
Preview:	.%....l....`..V.a..tr`...GTn..........N..%..d..~.......L...h9.h.r.....^s..R..E~D\|-5.9&........X.nE...[Q.1c.....v.NH....r.C...............A..9.H..M..z...........oZ..T..jL..r...O...luC..C.!.{H....x..lq....ZC....n6lp.9.(w....u.(......34n....."u.E.%...q......iw...+.a.,....tm..q.\d4.C`...#..M...m.=..d4Q.s.J.;\|....&6..R.Y.7...3..V..,..i......g.@..l....v....v/....1]}.3I......9..q"qN....53"MD.U....!f:....5C....V.~..d ....VG.uE....H..gM.v6i.G.g..>nR....4.4^.GXu.......<..q^#.C......y..VL.........i._G...C.9^.."...N.(.l..o....N6..W.....o./...g..P....I..#....?T7n..E..>..(.A..g.....u3.S.....6.n...E.....Q.[L.F.$.. ...N.......E.x...d*...;.RX....m.Pu....O..z..l.7...!./..7..[Y..a..L...?D...H..s\|V\.>.........d...[.M3D;.vC$..........@Z;S8m....!..$z... rK.Z.}.=n..F&^......".@..aR\|p..3..E....dK.BPz..?.)........es......t.L.....7.Th4..\..,.$Y.a..P3s.~k...aD....5...\..@n....E...F)..'..a..w.Q.....dd lw. #W..JZ..X...O.x./.r.....>L+p.....n...!.e.\[i.K.H_.../...U.Ob..'.E..

C:\Users\user\AppData\Local\Temp\~DF6BA14F25A0E6B823.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF71F58F6AA0B63BF7.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	34609
Entropy (8bit):	0.3941239393454328
Encrypted:	false
SSDEEP:	48:kBqoxKAuvScS+q5y4JFIFXLfe+lQF+xcx/GeM:kBqoxKAuvScS+q5y4JSh6pucp2
MD5:	C5F0E702A1A30060CB92375A7E4FC014
SHA1:	2EA4B80E56D8C55E757F6E237AEAF0738E1FFBF0
SHA-256:	F4F935BE461DD3915A25F421EC861EF9282FEBD7C8ECC67B95BEE9307147DF78
SHA-512:	D35574364B836FE85B2EEE1DAA6B11084621DFAF582EAD99AD851160AF1A4C759CA9B261E592E012317BB764602A2936D13FCA86451C4F08F07445E281D63F3C
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFAA560BC5C50C511B.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13077
Entropy (8bit):	0.4922871398950443
Encrypted:	false
SSDEEP:	12:c9lCg5/9lCgeK9l26an9l26an9l8fRZF9l8fR79lTqJb6lm:c9lLh9lLh9lIn9lIn9lo79lo79lW5
MD5:	387402B6FA9E24601743C84546D85ACA
SHA1:	977D864DFD5B0A0BBD6B2D883221907CF1E9953C
SHA-256:	7BD27CAFFFB6E9EECE5403F90D1E2D8667DC0A9E56FBB43642382FE61FACF90D
SHA-512:	91ADF0A8A7858CE773D2857DC51BE46030DA16C5460876D08DE94973B16BAFA821F028F6711F973BB780A0D149A7FF0FF1913F9840DF00027DA430300C20BC73
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
06/14/21-15:58:36.632459	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.2.4	192.168.2.1

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 14, 2021 15:55:35.900693893 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:35.900883913 CEST	49731	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.099289894 CEST	443	49731	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.099772930 CEST	49731	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.107289076 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.107382059 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.107476950 CEST	49731	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.108454943 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.323571920 CEST	443	49731	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.323616982 CEST	443	49731	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.323632956 CEST	443	49731	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.323652983 CEST	443	49731	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.323673964 CEST	49731	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.323712111 CEST	49731	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.323717117 CEST	49731	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.323720932 CEST	443	49731	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.323764086 CEST	49731	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.331556082 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.331578970 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.331653118 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.331711054 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.331724882 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.331737995 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.331844091 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.333650112 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.333657980 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.367743015 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.368177891 CEST	49731	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.375585079 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.564142942 CEST	443	49731	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.564348936 CEST	49731	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.569264889 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.569493055 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.616354942 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.630599976 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.630641937 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.630671978 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.630707026 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.630738974 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.630778074 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.630814075 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.630831003 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.630845070 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.630856037 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.630861044 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.630878925 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.630893946 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.630969048 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.770423889 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.770447016 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.770818949 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.831928968 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.831954002 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.831967115 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.831978083 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832042933 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832120895 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832151890 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832150936 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832170010 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832170010 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832174063 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832190037 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832226992 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832243919 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832258940 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832266092 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832269907 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832302094 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832305908 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832362890 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832381010 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832396030 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832417011 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832425117 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832499027 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832516909 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832536936 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832540989 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832547903 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832564116 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.832583904 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832587957 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.832695007 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.971857071 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.971909046 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.971920013 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.971947908 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.971957922 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.971987009 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:36.972006083 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:36.972033978 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:37.033133030 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:37.033195019 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:37.033233881 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:37.033271074 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:37.033308983 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:37.033345938 CEST	443	49730	69.10.147.140	192.168.2.4
Jun 14, 2021 15:55:37.033348083 CEST	49730	443	192.168.2.4	69.10.147.140
Jun 14, 2021 15:55:37.033381939 CEST	49730	443	192.168.2.4	69.10.147.140

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 14, 2021 15:55:27.326623917 CEST	49714	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:27.376590014 CEST	53	49714	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:27.973284006 CEST	58028	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:28.033381939 CEST	53	58028	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:28.937614918 CEST	53097	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:28.988832951 CEST	53	53097	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:29.956592083 CEST	49257	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:30.009562969 CEST	53	49257	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:30.818468094 CEST	62389	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:30.877557039 CEST	53	62389	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:31.750776052 CEST	49910	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:31.804003000 CEST	53	49910	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:33.358563900 CEST	55854	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:33.419902086 CEST	53	55854	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:34.206337929 CEST	64549	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:34.256695986 CEST	53	64549	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:34.534070969 CEST	63153	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:34.594058990 CEST	53	63153	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:35.686705112 CEST	52991	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:35.736907005 CEST	53	52991	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:35.811814070 CEST	53700	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:35.884080887 CEST	53	53700	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:44.391467094 CEST	51726	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:44.442492962 CEST	53	51726	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:45.245520115 CEST	56794	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:45.301171064 CEST	53	56794	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:53.573659897 CEST	56534	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:53.624955893 CEST	53	56534	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:54.756181955 CEST	56627	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:54.807312965 CEST	53	56627	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:55.458626032 CEST	56621	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:55.506680012 CEST	63116	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:55.519505024 CEST	53	56621	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:55.566844940 CEST	53	63116	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:56.589811087 CEST	56621	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:56.589901924 CEST	63116	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:56.650222063 CEST	53	56621	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:56.650569916 CEST	53	63116	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:57.646142006 CEST	63116	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:57.646262884 CEST	56621	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:57.704947948 CEST	53	56621	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:57.704972982 CEST	53	63116	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:59.679392099 CEST	56621	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:59.679502010 CEST	63116	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:55:59.737987041 CEST	53	63116	8.8.8.8	192.168.2.4
Jun 14, 2021 15:55:59.738069057 CEST	53	56621	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:03.481023073 CEST	64078	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:03.531276941 CEST	53	64078	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:03.693501949 CEST	63116	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:03.693535089 CEST	56621	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:03.753376007 CEST	53	63116	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:03.753443003 CEST	53	56621	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:04.520940065 CEST	64801	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:04.571150064 CEST	53	64801	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:04.892777920 CEST	61721	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:04.958355904 CEST	53	61721	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:05.345042944 CEST	51255	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:05.395241976 CEST	53	51255	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:06.058556080 CEST	64801	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:06.116978884 CEST	53	64801	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:06.482553005 CEST	51255	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:06.541011095 CEST	53	51255	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:07.465755939 CEST	64801	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:07.526577950 CEST	53	64801	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:11.049902916 CEST	51255	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:11.108531952 CEST	53	51255	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:11.361944914 CEST	64801	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:11.412147045 CEST	53	64801	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:13.080001116 CEST	51255	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:13.138663054 CEST	53	51255	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:13.518878937 CEST	61522	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:13.571897984 CEST	53	61522	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:15.380347967 CEST	64801	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:15.430485964 CEST	53	64801	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:17.243988991 CEST	51255	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:17.294167995 CEST	53	51255	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:18.007214069 CEST	52337	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:18.069977999 CEST	53	52337	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:18.434041023 CEST	55046	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:18.489444017 CEST	53	55046	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:20.434932947 CEST	49612	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:20.489183903 CEST	53	49612	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:21.503282070 CEST	49285	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:21.567260027 CEST	53	49285	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:22.478826046 CEST	50601	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:22.544935942 CEST	53	50601	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:45.349302053 CEST	60875	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:45.498843908 CEST	53	60875	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:46.153647900 CEST	56448	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:46.372689009 CEST	53	56448	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:46.789892912 CEST	59172	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:46.862240076 CEST	53	59172	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:47.500279903 CEST	62420	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:47.561913013 CEST	53	62420	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:48.143974066 CEST	60579	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:48.205867052 CEST	53	60579	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:49.117507935 CEST	50183	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:49.175822020 CEST	53	50183	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:50.334326029 CEST	61531	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:50.387171030 CEST	53	61531	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:50.905905962 CEST	49228	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:50.967299938 CEST	53	49228	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:52.062072992 CEST	59794	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:52.122746944 CEST	53	59794	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:52.922945023 CEST	55916	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:52.987257004 CEST	53	55916	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:53.579757929 CEST	52752	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:53.631057024 CEST	53	52752	8.8.8.8	192.168.2.4
Jun 14, 2021 15:56:59.778848886 CEST	60542	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:56:59.839731932 CEST	53	60542	8.8.8.8	192.168.2.4
Jun 14, 2021 15:57:29.751820087 CEST	60689	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:57:29.818352938 CEST	53	60689	8.8.8.8	192.168.2.4
Jun 14, 2021 15:57:31.678122044 CEST	64206	53	192.168.2.4	8.8.8.8
Jun 14, 2021 15:57:31.736694098 CEST	53	64206	8.8.8.8	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jun 14, 2021 15:58:36.632458925 CEST	192.168.2.4	192.168.2.1	8270	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jun 14, 2021 15:55:35.811814070 CEST	192.168.2.4	8.8.8.8	0xe40a	Standard query (0)	www.getrave.ca	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jun 14, 2021 15:55:35.884080887 CEST	8.8.8.8	192.168.2.4	0xe40a	No error (0)	www.getrave.ca	getrave.ca		CNAME (Canonical name)	IN (0x0001)
Jun 14, 2021 15:55:35.884080887 CEST	8.8.8.8	192.168.2.4	0xe40a	No error (0)	getrave.ca		69.10.147.140	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jun 14, 2021 15:55:36.323720932 CEST	69.10.147.140	443	192.168.2.4	49731	CN=*.getrave.ca, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu Jun 11 16:12:52 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sat Jun 11 16:12:52 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
Jun 14, 2021 15:55:36.331844091 CEST	69.10.147.140	443	192.168.2.4	49730	CN=*.getrave.ca, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu Jun 11 16:12:52 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sat Jun 11 16:12:52 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 6596 Parent PID: 800

General

Start time:	15:55:34
Start date:	14/06/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7b30a0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 6676 Parent PID: 6596

General

Start time:	15:55:34
Start date:	14/06/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6596 CREDAT:17410 /prefetch:2
Imagebase:	0x10d0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: AcroRd32.exe PID: 6832 Parent PID: 6676

General

Start time:	15:55:37
Start date:	14/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 6676
Imagebase:	0xb00000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: AcroRd32.exe PID: 6956 Parent PID: 6832

General

Start time:	15:55:38
Start date:	14/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 6676
Imagebase:	0xb00000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: RdrCEF.exe PID: 2016 Parent PID: 6832

General

Start time:	15:55:49
Start date:	14/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Imagebase:	0xd60000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: RdrCEF.exe PID: 7124 Parent PID: 2016

General

Start time:	15:55:54
Start date:	14/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10239579510597668333 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10239579510597668333 --renderer-client-id=2 --mojo-platform-channel-handle=1692 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xd60000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: RdrCEF.exe PID: 4600 Parent PID: 2016

General

Start time:	15:55:56
Start date:	14/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2337483784384888965 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Imagebase:	0xd60000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: RdrCEF.exe PID: 6528 Parent PID: 2016

General

Start time:	15:56:00
Start date:	14/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15245644756762629242 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15245644756762629242 --renderer-client-id=4 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xd60000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: RdrCEF.exe PID: 6224 Parent PID: 2016

General

Start time:	15:56:03
Start date:	14/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7424766846130001476 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7424766846130001476 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
Imagebase:	0xd60000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6596 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 6676
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 6676
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10239579510597668333 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10239579510597668333 --renderer-client-id=2 --mojo-platform-channel-handle=1692 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2337483784384888965 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15245644756762629242 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15245644756762629242 --renderer-client-id=4 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7424766846130001476 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7424766846130001476 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6596 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 6676
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 6676
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10239579510597668333 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10239579510597668333 --renderer-client-id=2 --mojo-platform-channel-handle=1692 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2337483784384888965 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=15245644756762629242 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15245644756762629242 --renderer-client-id=4 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1668,16580496791106040018,12926254681689914639,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7424766846130001476 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7424766846130001476 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to elicit sensitive information and/or gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments.
Tactics:	Initial Access
Data Sources:	DNS records, Detonation chamber, Email gateway, Mail server, Packet capture, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report https://www.getrave.ca/content/6955686/599b179c-6797-4b93-b928-4e4ef96fabfc/323e9aaa-c071-4673-ba30-7129f8459847/COVID-19_Guidance_for_Food_Premises.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 6596 Parent PID: 800

General

Analysis Process: iexplore.exe PID: 6676 Parent PID: 6596

General

Analysis Process: AcroRd32.exe PID: 6832 Parent PID: 6676

General

Analysis Process: AcroRd32.exe PID: 6956 Parent PID: 6832

General

Analysis Process: RdrCEF.exe PID: 2016 Parent PID: 6832

General

Analysis Process: RdrCEF.exe PID: 7124 Parent PID: 2016

General

Analysis Process: RdrCEF.exe PID: 4600 Parent PID: 2016

General

Analysis Process: RdrCEF.exe PID: 6528 Parent PID: 2016

General