Windows Analysis Report Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf

Overview

General Information

Sample Name: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf
Analysis ID: 444764
MD5: 39bc0abebb458b279afe35c3a7ce62f9
SHA1: 785637468cdd2a1b5f816576d8c1b521445ffbc3
SHA256: d41884b2af008616298459822a9f842e668b652d73cd7b8acbc113c4aed3c928

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware

Classification

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Networking:

IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 23.111.9.35
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown DNS traffic detected: queries for: emory.edu
Source: classification engine Classification label: clean1.winPDF@17/197@23/19
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: https://www.emory.edu/forward/
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: https://nam11.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.cdc.gov%2fpublichealthgateway%2fhealthdirectories%2fhealthdepartments.html&data=04%7c01%7call-students%40listserv.emory.edu%7caa42c2c91a884566bee508d90fe77820%7ce004fb9cb0a4424fbcd0322606d5df38%7c0%7c0%7c637558309090057801%7cunknown%7ctwfpbgzsb3d8eyjwijoimc4wljawmdailcjqijoiv2lumziilcjbtii6ik1hawwilcjxvci6mn0%3d%7c1000&sdata=pzhzsvv0qkiincdgo3gn2llx9lynn5imxq7apm4voe4%3d&reserved=0
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: https://www.cdc.gov/vaccines/covid-19/retail-pharmacy-program/participating-pharmacies.html
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: https://covidvaccine.emoryhealthcare.org/Scheduling/covid19/#/
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: https://covidvaccine.emoryhealthcare.org/scheduling/covid19/#/
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.vaccines.gov%2F&data=04%7C01%7Cbeth.savoy%40emory.edu%7Cad54103b53404aed8fab08d926a4d236%7Ce004fb9cb0a4424fbcd0322606d5df38%7C0%7C0%7C637583311617091156%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2F6nsNXiIKJ2xDrKY0ZuqKPk9xSHrNmysVUSXcubDztg%3D&reserved=0
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: https://nam11.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.vaccines.gov%2f&data=04%7c01%7cbeth.savoy%40emory.edu%7cad54103b53404aed8fab08d926a4d236%7ce004fb9cb0a4424fbcd0322606d5df38%7c0%7c0%7c637583311617091156%7cunknown%7ctwfpbgzsb3d8eyjwijoimc4wljawmdailcjqijoiv2lumziilcjbtii6ik1hawwilcjxvci6mn0%3d%7c1000&sdata=%2f6nsnxiikj2xdrky0zuqkpk9xshrnmysvusxcubdztg%3d&reserved=0
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cdc.gov%2Fpublichealthgateway%2Fhealthdirectories%2Fhealthdepartments.html&data=04%7C01%7Call-students%40listserv.emory.edu%7Caa42c2c91a884566bee508d90fe77820%7Ce004fb9cb0a4424fbcd0322606d5df38%7C0%7C0%7C637558309090057801%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=PZHZsvv0qkIiNCdgo3Gn2lLX9lynN5imxq7APm4VoE4%3D&reserved=0
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: https://ww2.emoryhealthcare.org/ce_covidvaccine_qa?_ga=2.53837160.1176435646.1622038632-1280146314.1611349141
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File read: C:\Program Files (x86)\desktop.ini
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11394891864812701617,5421238245506412973,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=3994307663767611292 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3994307663767611292 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,11394891864812701617,5421238245506412973,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=2914443920406660741 --mojo-platform-channel-handle=1772 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11394891864812701617,5421238245506412973,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10280300687710209152 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10280300687710209152 --renderer-client-id=4 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,11394891864812701617,5421238245506412973,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5121740222193972291 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5121740222193972291 --renderer-client-id=5 --mojo-platform-channel-handle=2240 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.emory.edu/forward/
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2424 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: PDF keyword /JS count = 0
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Strategic Procurement Services Supplier Notice COVID19 June 30 2021.pdf Initial sample: PDF keyword obj count = 67
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: AcroRd32.exe, 00000002.00000000.463902928.00000000055AA000.00000004.00000020.sdmp Binary or memory string: QEmU-
Source: hallway-with-covid-sign-600x339[1].jpg.21.dr Binary or memory string: QeMU%[@
Source: AcroRd32.exe, 00000002.00000000.491516076.000000000CE4A000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AcroRd32.exe, 00000002.00000000.464965506.0000000005BC0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000002.00000000.464965506.0000000005BC0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: AcroRd32.exe, 00000002.00000000.464965506.0000000005BC0000.00000002.00000001.sdmp Binary or memory string: &Program Manager
Source: AcroRd32.exe, 00000002.00000000.464965506.0000000005BC0000.00000002.00000001.sdmp Binary or memory string: Progmanlock