Windows Analysis Report Denver Water COVID-19 Response _ City of Denver.pdf

Phishing:

Found iframes

Source: https://test.salesforce.com/	HTTP Parser: Iframe src: https://c.salesforce.com/login-messages/promos.html
Source: https://test.salesforce.com/	HTTP Parser: Iframe src: https://test.salesforce.com/login/sessionserver212.html
Source: https://test.salesforce.com/	HTTP Parser: Iframe src: https://c.salesforce.com/login-messages/promos.html
Source: https://test.salesforce.com/	HTTP Parser: Iframe src: https://test.salesforce.com/login/sessionserver212.html
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview	HTTP Parser: Iframe src: https://c.salesforce.com/login-messages/promos.html
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview	HTTP Parser: Iframe src: https://login.salesforce.com/login/sessionserver212.html
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview	HTTP Parser: Iframe src: https://c.salesforce.com/login-messages/promos.html
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview	HTTP Parser: Iframe src: https://login.salesforce.com/login/sessionserver212.html
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: Iframe src: javascript:void(0)
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-WRXS6TH
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: Iframe src: https://service.force.com/embeddedservice/5.0/esw.html?parent=https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: Iframe src: https://a10681260716.cdn.optimizely.com/client_storage/a10681260716.html
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: Iframe src: javascript:void(0)
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-WRXS6TH
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: Iframe src: https://service.force.com/embeddedservice/5.0/esw.html?parent=https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: Iframe src: https://a10681260716.cdn.optimizely.com/client_storage/a10681260716.html

HTML body contains low number of good links

Source: https://test.salesforce.com/	HTTP Parser: Number of links: 1
Source: https://test.salesforce.com/	HTTP Parser: Number of links: 1
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview	HTTP Parser: Number of links: 1
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview	HTTP Parser: Number of links: 1
Source: https://milehighunitedway.my.salesforce.com/secur/forgotpassword.jsp?locale=us&lqs=startURL%3D%252Fvisualforce%252Fsession%253Furl%253Dhttps%25253A%25252F%25252Fmilehighunitedway.lightning.force.com%25252Flightning%25252Fr%25252FAccount%25252F0014T000004o6JxQAI%25252Fview%26ec%3D302	HTTP Parser: Number of links: 0
Source: https://milehighunitedway.my.salesforce.com/secur/forgotpassword.jsp?locale=us&lqs=startURL%3D%252Fvisualforce%252Fsession%253Furl%253Dhttps%25253A%25252F%25252Fmilehighunitedway.lightning.force.com%25252Flightning%25252Fr%25252FAccount%25252F0014T000004o6JxQAI%25252Fview%26ec%3D302	HTTP Parser: Number of links: 0

No HTML title found

Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: HTML title missing
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: HTML title missing

META author tag missing

Source: https://test.salesforce.com/	HTTP Parser: No <meta name="author".. found
Source: https://test.salesforce.com/	HTTP Parser: No <meta name="author".. found
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview	HTTP Parser: No <meta name="author".. found
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview	HTTP Parser: No <meta name="author".. found
Source: https://milehighunitedway.my.salesforce.com/secur/forgotpassword.jsp?locale=us&lqs=startURL%3D%252Fvisualforce%252Fsession%253Furl%253Dhttps%25253A%25252F%25252Fmilehighunitedway.lightning.force.com%25252Flightning%25252Fr%25252FAccount%25252F0014T000004o6JxQAI%25252Fview%26ec%3D302	HTTP Parser: No <meta name="author".. found
Source: https://milehighunitedway.my.salesforce.com/secur/forgotpassword.jsp?locale=us&lqs=startURL%3D%252Fvisualforce%252Fsession%253Furl%253Dhttps%25253A%25252F%25252Fmilehighunitedway.lightning.force.com%25252Flightning%25252Fr%25252FAccount%25252F0014T000004o6JxQAI%25252Fview%26ec%3D302	HTTP Parser: No <meta name="author".. found
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: No <meta name="author".. found
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://test.salesforce.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://test.salesforce.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview	HTTP Parser: No <meta name="copyright".. found
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview	HTTP Parser: No <meta name="copyright".. found
Source: https://milehighunitedway.my.salesforce.com/secur/forgotpassword.jsp?locale=us&lqs=startURL%3D%252Fvisualforce%252Fsession%253Furl%253Dhttps%25253A%25252F%25252Fmilehighunitedway.lightning.force.com%25252Flightning%25252Fr%25252FAccount%25252F0014T000004o6JxQAI%25252Fview%26ec%3D302	HTTP Parser: No <meta name="copyright".. found
Source: https://milehighunitedway.my.salesforce.com/secur/forgotpassword.jsp?locale=us&lqs=startURL%3D%252Fvisualforce%252Fsession%253Furl%253Dhttps%25253A%25252F%25252Fmilehighunitedway.lightning.force.com%25252Flightning%25252Fr%25252FAccount%25252F0014T000004o6JxQAI%25252Fview%26ec%3D302	HTTP Parser: No <meta name="copyright".. found
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: No <meta name="copyright".. found
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main	HTTP Parser: No <meta name="copyright".. found

Compliance:

Creates a directory in C:\Program Files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 13.110.37.182:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.37.182:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.37.182:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.155.195:443 -> 192.168.2.5:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.114:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.192.141.216:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.211.113.33:443 -> 192.168.2.5:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.76.54.153:443 -> 192.168.2.5:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.192.114:443 -> 192.168.2.5:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.1.220.4:443 -> 192.168.2.5:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.46.75:443 -> 192.168.2.5:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 161.71.8.169:443 -> 192.168.2.5:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.114:443 -> 192.168.2.5:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 161.71.8.169:443 -> 192.168.2.5:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.1.220.4:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.1.220.4:443 -> 192.168.2.5:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 161.71.8.169:443 -> 192.168.2.5:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.225.136.92:443 -> 192.168.2.5:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.66.106:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49898 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.153.66:443 -> 192.168.2.5:49905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.153.66:443 -> 192.168.2.5:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.205.5.87:443 -> 192.168.2.5:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49947 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.69.75:443 -> 192.168.2.5:49974 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.225.136.92:443 -> 192.168.2.5:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.248.156.174:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:50001 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:50038 version: TLS 1.2

Software Vulnerabilities:

Potential document exploit detected (performs DNS queries)

Source: global traffic

DNS query: name: force.com

Potential document exploit detected (performs HTTP gets)

Source: global traffic

TCP traffic: 192.168.2.5:49693 -> 20.190.159.133:443

Potential document exploit detected (unknown TCP traffic)

Source: global traffic

TCP traffic: 192.168.2.5:49693 -> 20.190.159.133:443

Networking:

Connects to many different domains

Source: unknown

Network traffic detected: DNS query count 43

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.20.184.68 104.20.184.68
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: b32309a26951912be7dba376398abc3b
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.133
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.35.237.194

Downloads files from webservers via HTTP

Source: global traffic

HTTP traffic detected: GET /watch/MxeeKTO3x5oMx4jNVWWX4w HTTP/1.1Host: salesforce.vidyard.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Performs DNS lookups

Source: unknown

DNS traffic detected: queries for: force.com

URLs found in memory or binary data

Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000001.00000000.362588309.000000000CE78000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000001.00000000.362588309.000000000CE78000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/.3/
Source: AcroRd32.exe, 00000001.00000000.362588309.000000000CE78000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0//1.0/
Source: EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D0.27.dr	String found in binary or memory: http://crl.godaddy.com/repository/0
Source: 223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B17710.27.dr	String found in binary or memory: http://crl.godaddy.com/repository/gdroot-g2.crl0J
Source: EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D0.27.dr	String found in binary or memory: http://crl.godaddy.com/repository/gdroot.crl0J
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: 77EC63BDA74BD0D0E0426DC8F8008506.27.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: AcroRd32.exe, 00000001.00000000.355025147.000000000B19D000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000001.00000000.355025147.000000000B19D000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/.
Source: AcroRd32.exe, 00000001.00000000.355025147.000000000B19D000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/R
Source: AcroRd32.exe, 00000001.00000000.355025147.000000000B19D000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000001.00000000.358264413.000000000B6CA000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000001.00000000.358264413.000000000B6CA000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/qual/1.0/m#
Source: AcroRd32.exe, 00000001.00000000.358264413.000000000B6CA000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/qual/1.0/m#dK
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: 223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771.27.dr	String found in binary or memory: http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLb
Source: EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D.27.dr	String found in binary or memory: http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2H
Source: Favicons.26.dr	String found in binary or memory: http://salesforce.vidyard.com/watch/MxeeKTO3x5oMx4jNVWWX4w
Source: History.26.dr	String found in binary or memory: http://salesforce.vidyard.com/watch/MxeeKTO3x5oMx4jNVWWX4wNeed
Source: Current Session.26.dr	String found in binary or memory: http://salesforce.vidyard.com/watch/MxeeKTO3x5oMx4jNVWWX4ws
Source: AcroRd32.exe, 00000001.00000000.362720475.000000000CF3E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000001.00000000.362720475.000000000CF3E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/RWD
Source: AcroRd32.exe, 00000001.00000000.362720475.000000000CF3E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000001.00000000.362720475.000000000CF3E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#UW
Source: AcroRd32.exe, 00000001.00000000.362588309.000000000CE78000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000000.362588309.000000000CE78000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/m
Source: AcroRd32.exe, 00000001.00000000.362299800.000000000CCB3000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000001.00000000.362299800.000000000CCB3000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#mensions#
Source: AcroRd32.exe, 00000001.00000000.362720475.000000000CF3E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000001.00000000.362588309.000000000CE78000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000001.00000000.362588309.000000000CE78000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/r
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: AcroRd32.exe, 00000001.00000000.362588309.000000000CE78000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000001.00000000.342311683.0000000007CD0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000001.00000000.342311683.0000000007CD0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000001.00000000.342311683.0000000007CD0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000001.00000000.342311683.0000000007CD0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000001.00000000.342311683.0000000007CD0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000001.00000000.342311683.0000000007CD0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000001.00000000.342311683.0000000007CD0000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000001.00000000.358640774.000000000B922000.00000004.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: 1c26761dbfc2c2a4_0.26.dr	String found in binary or memory: http://www.sfdcstatic.com
Source: AcroRd32.exe, 00000001.00000000.357996503.000000000B630000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000000.358264413.000000000B6CA000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000000.358264413.000000000B6CA000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/0p
Source: AcroRd32.exe, 00000001.00000000.358264413.000000000B6CA000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i
Source: AcroRd32.exe, 00000001.00000000.358264413.000000000B6CA000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i.p
Source: AcroRd32.exe, 00000001.00000000.358264413.000000000B6CA000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/iZ
Source: AcroRd32.exe, 00000001.00000000.358264413.000000000B6CA000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/iv
Source: AcroRd32.exe, 00000001.00000000.358264413.000000000B6CA000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/r
Source: 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://a.sfdcstatic.com
Source: Network Action Predictor-journal.26.dr	String found in binary or memory: https://a.sfdcstatic.com/
Source: bf19fd18b20794e3_0.26.dr, 1bc531e21a30a47b_0.26.dr	String found in binary or memory: https://a.sfdcstatic.com/enterprise/salesforce/prod/6140/v12/oneTrust/scripttemplates/6.14.0/otBanne
Source: afb6c9493a1d61ab_0.26.dr	String found in binary or memory: https://a.sfdcstatic.com/enterprise/salesforce/prod/6140/v12/oneTrust/scripttemplates/otSDKStub.js
Source: afb6c9493a1d61ab_0.26.dr	String found in binary or memory: https://a.sfdcstatic.com/enterprise/salesforce/prod/6140/v12/oneTrust/scripttemplates/otSDKStub.jsaD
Source: 000003.log4.26.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://a10681260716.cdn.optimizely.com
Source: 000003.log0.26.dr	String found in binary or memory: https://a10681260716.cdn.optimizely.com/
Source: Current Session.26.dr	String found in binary or memory: https://a10681260716.cdn.optimizely.com/client_storage/a10681260716.html
Source: manifest.json0.26.dr, 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://accounts.google.com
Source: 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://api.company-target.com
Source: AcroRd32.exe, 00000001.00000000.362386174.000000000CD20000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000001.00000000.362386174.000000000CD20000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comRLW
Source: AcroRd32.exe, 00000001.00000000.362748586.000000000CF77000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.coml
Source: manifest.json0.26.dr, 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://apis.google.com
Source: b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://assets.vidyard.com
Source: Network Action Predictor.26.dr	String found in binary or memory: https://assets.vidyard.com/
Source: a9a521ff86fc92b5_0.26.dr	String found in binary or memory: https://assets.vidyard.com/play/js/32-51e66b98cfd24c285e87e08125334efd.js
Source: 9f882733444c4022_0.26.dr	String found in binary or memory: https://assets.vidyard.com/play/js/5-c242cda39d7c399602bd1e83de9e7fda.js
Source: ecd2a3647b1c9857_0.26.dr	String found in binary or memory: https://assets.vidyard.com/play/js/main-7f106a2a0be47a0349a49a677f85c74d.js
Source: e69b15df1c23c1b5_0.26.dr	String found in binary or memory: https://assets.vidyard.com/play/js/player-pomo-f0dab77277d709e401411484912ef925.js
Source: bd2b4ce8b26c46ab_0.26.dr	String found in binary or memory: https://assets.vidyard.com/play/js/runtime~main-5f22dc7e904c5db5632211eddbd1d06e.js
Source: ef94954efc9c945a_0.26.dr	String found in binary or memory: https://assets.vidyard.com/play/js/vendors~access-code~player-pomo~whitelisted-embed-457ceea6d009cfb
Source: f9b74fae4d0a1974_0.26.dr	String found in binary or memory: https://assets.vidyard.com/play/js/vendors~player-pomo-679371da8845635da642d1e91442e9ee.js
Source: 556a4170dda59162_0.26.dr	String found in binary or memory: https://assets.vidyard.com/play/js/vendors~player~player-pomo~unreleased-47190ead2f494cd51880393c731
Source: 132f97af514833fb_0.26.dr, a5a012906cf32fb5_0.26.dr	String found in binary or memory: https://assets.vidyard.com/share/webpack/js/0-c3cdc926d9ed4a3714fd.chunk.js
Source: a5a012906cf32fb5_0.26.dr	String found in binary or memory: https://assets.vidyard.com/share/webpack/js/0-c3cdc926d9ed4a3714fd.chunk.jsaD
Source: c2eb66638768403b_0.26.dr	String found in binary or memory: https://assets.vidyard.com/share/webpack/js/334-025f3505461e8f1037c8.chunk.js
Source: 4227dc6a3fddee79_0.26.dr	String found in binary or memory: https://assets.vidyard.com/share/webpack/js/335-0cd57ad1abce82796388.chunk.js
Source: b460779e5dc5d88c_0.26.dr	String found in binary or memory: https://assets.vidyard.com/share/webpack/js/common-cba08f83ddaaf837bce8.chunk.js
Source: b0295a7178bb3ce1_0.26.dr	String found in binary or memory: https://assets.vidyard.com/share/webpack/js/hub-scripts/manifest_hub-49b6c755faef1442e52f.chunk.js
Source: 736dae025bf56775_0.26.dr	String found in binary or memory: https://assets.vidyard.com/share/webpack/js/runtime~common-33973f78b73ccee73ef3.js
Source: f43de13992f2b559_0.26.dr	String found in binary or memory: https://assets.vidyard.com/share/webpack/js/runtime~hub-scripts/manifest_hub-7ee87e7da8171c9a975a.js
Source: aea21438adb65508_0.26.dr	String found in binary or memory: https://assets.vidyard.com/share/webpack/js/runtime~hub-scripts/salesforce/manifest-54c3784914aec4d7
Source: 531c816c76f5d016_0.26.dr, 42c6ff745afae2c3_0.26.dr	String found in binary or memory: https://beyondcore.com
Source: 000003.log4.26.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://c.salesforce.com
Source: Current Session.26.dr	String found in binary or memory: https://c.salesforce.com#
Source: 000003.log0.26.dr	String found in binary or memory: https://c.salesforce.com/
Source: History.26.dr, Current Session.26.dr	String found in binary or memory: https://c.salesforce.com/login-messages/promos.html
Source: History.26.dr	String found in binary or memory: https://c.salesforce.com/login-messages/promos.html/%
Source: Current Session.26.dr	String found in binary or memory: https://c.salesforce.com3
Source: Current Session.26.dr	String found in binary or memory: https://c.salesforce.comh
Source: b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://c1.sfdcstatic.com
Source: Network Action Predictor.26.dr	String found in binary or memory: https://c1.sfdcstatic.com/
Source: b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://cdn.evgnet.com
Source: 0c9ed63e22aa523f_0.26.dr	String found in binary or memory: https://cdn.evgnet.com/beacon/salesforce/sfprod/scripts/evergage.min.js
Source: 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://cdn.optimizely.com
Source: Network Action Predictor-journal.26.dr	String found in binary or memory: https://cdn.optimizely.com/
Source: bf5f2702a53f4c3f_0.26.dr	String found in binary or memory: https://cdn.optimizely.com/js/10681260716.js
Source: b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://cdn.vidyard.com
Source: 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.26.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: cfca0f793f8f36bd_0.26.dr	String found in binary or memory: https://consumer.krxd.net/consumer/tmp_cookie
Source: 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.26.dr	String found in binary or memory: https://content.googleapis.com
Source: bf19fd18b20794e3_0.26.dr	String found in binary or memory: https://cookiepedia.co.uk/host/.app.onetrust.com?_ga=2.157675898.1572084395.1556120090-1266459230.15
Source: d17380e6-5e79-4ca7-8dff-b59f5d92e89c.tmp.27.dr, 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr, b803a90d-9575-4613-9327-c1d95ce6d617.tmp.27.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.26.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.26.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.26.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: ef24e6411693ffdb_0.26.dr	String found in binary or memory: https://force.com/
Source: 9ea916fdfec0cb6a_0.26.dr	String found in binary or memory: https://force.com/S
Source: dba44b103371b327_0.26.dr	String found in binary or memory: https://force.com/j
Source: 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://geolocation.onetrust.com
Source: manifest.json0.26.dr	String found in binary or memory: https://hangouts.google.com/
Source: 531c816c76f5d016_0.26.dr, 42c6ff745afae2c3_0.26.dr	String found in binary or memory: https://hosted-scratch.herokuapp.com/trial
Source: AcroRd32.exe, 00000001.00000000.348239651.00000000093E4000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: AcroRd32.exe, 00000001.00000000.348239651.00000000093E4000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.comQ
Source: 531c816c76f5d016_0.26.dr	String found in binary or memory: https://login.salesforce.com
Source: ddd1cbf077568839_0.26.dr	String found in binary or memory: https://login.salesforce.com/jslibrary/SessionServer212.js
Source: Current Session.26.dr	String found in binary or memory: https://login.salesforce.com/login/sessionserver212.html
Source: AcroRd32.exe, 00000001.00000000.358264413.000000000B6CA000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.354081546.000000000A7AF000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/0014T000004o6JxQAI/related/Services__r/vie
Source: AcroRd32.exe, 00000001.00000000.356593925.000000000B55C000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/0014T000004o6JxQAI/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/0014T000004o6JxQAI/view)
Source: AcroRd32.exe, 00000001.00000000.361928237.000000000CC60000.00000004.00000001.sdmp, Favicons.26.dr, History-journal.26.dr	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/view
Source: AcroRd32.exe, 00000001.00000000.357093223.000000000B5BA000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/view$
Source: AcroRd32.exe, 00000001.00000000.354081546.000000000A7AF000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/view)
Source: AcroRd32.exe, 00000001.00000000.361928237.000000000CC60000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/view.9
Source: History Provider Cache.26.dr	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/view2
Source: History-journal.26.dr	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/view3
Source: Favicons-journal.26.dr	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/viewL
Source: History.26.dr	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/viewLogin
Source: Favicons-journal.26.dr	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/viewi
Source: History-journal.26.dr	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/viewr
Source: AcroRd32.exe, 00000001.00000000.362615158.000000000CEAD000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Service__c/a0E4T000000O5asUAC/related/All_
Source: AcroRd32.exe, 00000001.00000000.362615158.000000000CEAD000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Service__c/a0E4T000000O5asUAC/related/Hour
Source: AcroRd32.exe, 00000001.00000000.353940243.000000000A70C000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Service__c/a0E4T000000O5asUAC/related/Taxo
Source: AcroRd32.exe, 00000001.00000000.357908265.000000000B61D000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Service__c/a0E4T000000O5asUAC/related/Zip_
Source: AcroRd32.exe, 00000001.00000000.357908265.000000000B61D000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/Service__c/a0E4T000000O5asUAC/view?ws=%2Fl
Source: AcroRd32.exe, 00000001.00000000.361928237.000000000CC60000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a004T000001gG7WQAU/view
Source: AcroRd32.exe, 00000001.00000000.354081546.000000000A7AF000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a004T000001gG7WQAU/view)
Source: AcroRd32.exe, 00000001.00000000.361928237.000000000CC60000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a004T000001gG7XQAU/view
Source: AcroRd32.exe, 00000001.00000000.354081546.000000000A7AF000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a004T000001gG7XQAU/view)
Source: AcroRd32.exe, 00000001.00000000.361928237.000000000CC60000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a004T000001gG7XQAU/viewd8
Source: AcroRd32.exe, 00000001.00000000.357093223.000000000B5BA000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a004T000001gG7ZQAU/view
Source: AcroRd32.exe, 00000001.00000000.354081546.000000000A7AF000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a004T000001gG7ZQAU/view)
Source: AcroRd32.exe, 00000001.00000000.361928237.000000000CC60000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a014T000003RANoQAO/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a014T000003RANoQAO/view)
Source: AcroRd32.exe, 00000001.00000000.362615158.000000000CEAD000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0E4T000000O5asUAC/related/All_Service_s_S
Source: AcroRd32.exe, 00000001.00000000.362615158.000000000CEAD000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0E4T000000O5asUAC/related/Hours_of_Operat
Source: AcroRd32.exe, 00000001.00000000.353940243.000000000A70C000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0E4T000000O5asUAC/related/Taxo__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0E4T000000O5asUAC/related/Taxo__r/view)
Source: AcroRd32.exe, 00000001.00000000.353940243.000000000A70C000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0E4T000000O5asUAC/related/Taxo__r/viewv
Source: AcroRd32.exe, 00000001.00000000.362615158.000000000CEAD000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0E4T000000O5asUAC/related/Zip_City_County
Source: AcroRd32.exe, 00000001.00000000.361928237.000000000CC60000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0F4T000000q3WkUAI/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0F4T000000q3WkUAI/view)
Source: AcroRd32.exe, 00000001.00000000.361928237.000000000CC60000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0a4T000000hQHzQAM/view
Source: AcroRd32.exe, 00000001.00000000.354081546.000000000A7AF000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0a4T000000hQHzQAM/view)
Source: AcroRd32.exe, 00000001.00000000.361928237.000000000CC60000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0a4T000000hQHzQAM/view=9
Source: AcroRd32.exe, 00000001.00000000.361928237.000000000CC60000.00000004.00000001.sdmp	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0h4T000003enMwQAI/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/lightning/r/a0h4T000003enMwQAI/view)
Source: AcroRd32.exe, 00000001.00000000.354081546.000000000A7AF000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.357093223.000000000B5BA000.00000004.00000001.sdmp, Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://milehighunitedway.lightning.force.com/runtime_sales_activities/activityViewAll.app?parentRec
Source: Current Session.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com
Source: Network Action Predictor-journal.26.dr, Current Session.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/
Source: History.26.dr, History Provider Cache.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%
Source: Favicons.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/favicon.ico
Source: Favicons-journal.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/favicon.icoL
Source: Favicons-journal.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/favicon.icoi
Source: 1ce0eabb8db46424_0.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/jslibrary/LoginHint208.js
Source: 0fe58cb23543dcad_0.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/jslibrary/LoginMarketingSurveyResponse.js
Source: afd328c0a869b31c_0.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/jslibrary/SfdcSessionBase208.js
Source: 8dfcbff67bfe1ca4_0.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/jslibrary/baselogin4.js
Source: History.26.dr, Current Session.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/s.gif
Source: History.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/s.gif/%
Source: History.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/secur/forgotpassword.jsp?locale=us&lqs=startURL%3D%252Fv
Source: History.26.dr, History Provider Cache.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com/visualforce/session?url=https%3A%2F%2Fmilehighunitedway.
Source: Current Session.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.com3
Source: Current Session.26.dr	String found in binary or memory: https://milehighunitedway.my.salesforce.comh
Source: 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://ogs.google.com
Source: 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://omtr2.partners.salesforce.com
Source: cfca0f793f8f36bd_0.26.dr	String found in binary or memory: https://oss.maxcdn.com/respond/1.4.2/respond.min.js
Source: manifest.json.26.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 000003.log4.26.dr	String found in binary or memory: https://play.vidyard.com
Source: 000003.log0.26.dr	String found in binary or memory: https://play.vidyard.com/
Source: dd162f458a1a44f0_0.26.dr	String found in binary or memory: https://play.vidyard.com/MxeeKTO3x5oMx4jNVWWX4w.js?height=360&hide_html5_playlist=1&v=3.1.1&vyetoken
Source: Current Session.26.dr	String found in binary or memory: https://play.vidyard.com/MxeeKTO3x5oMx4jNVWWX4w?hide_html5_playlist=1&v=3.1.1&vyetoken=&type=inline&
Source: 531c816c76f5d016_0.26.dr	String found in binary or memory: https://quip.com
Source: 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://r4---sn-h0jeener.gvt1.com
Source: b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://raw.vidyard.com
Source: 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://redirector.gvt1.com
Source: b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://s.go-mpulse.net
Source: 9a65b9a9b106f3eb_0.26.dr	String found in binary or memory: https://s.go-mpulse.net/boomerang/NCPYV-VGJPP-N4J93-8HN3B-8B6S3
Source: 6a1b0fb2fb02c3e2_0.26.dr	String found in binary or memory: https://s.go-mpulse.net/boomerang/NCPYV-VGJPP-N4J93-8HN3B-8B6S3aD
Source: 531c816c76f5d016_0.26.dr	String found in binary or memory: https://salesforce.com
Source: 0b7793b866733cfc_0.26.dr, 0c9ed63e22aa523f_0.26.dr, 2914ffb6a4f6449d_0.26.dr, c2265b0742ce3a13_0.26.dr	String found in binary or memory: https://salesforce.com/
Source: 3246e51d8c77b25d_0.26.dr	String found in binary or memory: https://salesforce.com/-
Source: feed4e595e1d1b2f_0.26.dr	String found in binary or memory: https://salesforce.com//
Source: f6cf5d7476b67c7b_0.26.dr	String found in binary or memory: https://salesforce.com//w
Source: 97555950e9d5de8b_0.26.dr	String found in binary or memory: https://salesforce.com/0
Source: baf2de91df5dbb2a_0.26.dr	String found in binary or memory: https://salesforce.com/2S
Source: d14227ee80a030c4_0.26.dr	String found in binary or memory: https://salesforce.com/4
Source: 1c26761dbfc2c2a4_0.26.dr	String found in binary or memory: https://salesforce.com/5N
Source: bf5f2702a53f4c3f_0.26.dr	String found in binary or memory: https://salesforce.com/7
Source: 7c5e82b44ef8024f_0.26.dr	String found in binary or memory: https://salesforce.com/:
Source: 93bbeae5ab81f683_0.26.dr	String found in binary or memory: https://salesforce.com/A
Source: 79f5d96c6b810deb_0.26.dr	String found in binary or memory: https://salesforce.com/DB
Source: fc9c3cdb51004a85_0.26.dr	String found in binary or memory: https://salesforce.com/Dy
Source: 8dfcbff67bfe1ca4_0.26.dr	String found in binary or memory: https://salesforce.com/H
Source: 2b2eec19ea6624dd_0.26.dr	String found in binary or memory: https://salesforce.com/N
Source: b215239729a62c6e_0.26.dr	String found in binary or memory: https://salesforce.com/O
Source: 99e6f354344db044_0.26.dr	String found in binary or memory: https://salesforce.com/Tn
Source: 9a65b9a9b106f3eb_0.26.dr	String found in binary or memory: https://salesforce.com/V
Source: 0396d3d509d4a2cd_0.26.dr	String found in binary or memory: https://salesforce.com/eLml
Source: 327c4c88ec613485_0.26.dr	String found in binary or memory: https://salesforce.com/i0
Source: 1bc531e21a30a47b_0.26.dr	String found in binary or memory: https://salesforce.com/j
Source: 0bc875f6b0dba4f8_0.26.dr	String found in binary or memory: https://salesforce.com/q
Source: ec0ab1be94b10e9e_0.26.dr, 8ee3aa41637b3855_0.26.dr	String found in binary or memory: https://salesforce.com/t
Source: 508bf6a9bb984fde_0.26.dr	String found in binary or memory: https://salesforce.com/v
Source: b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://salesforce.us-1.evergage.com
Source: 000003.log4.26.dr, Current Session.26.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://salesforce.vidyard.com
Source: Network Action Predictor.26.dr, 000003.log0.26.dr	String found in binary or memory: https://salesforce.vidyard.com/
Source: Favicons.26.dr	String found in binary or memory: https://salesforce.vidyard.com/favicon.ico
Source: Current Session.26.dr	String found in binary or memory: https://salesforce.vidyard.com/watch/MxeeKTO3x5oMx4jNVWWX4w
Source: History.26.dr	String found in binary or memory: https://salesforce.vidyard.com/watch/MxeeKTO3x5oMx4jNVWWX4wNeed
Source: Current Session.26.dr	String found in binary or memory: https://salesforcecom.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fc.salesforce.com%2Flogin-messages
Source: manifest.json.26.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 000003.log4.26.dr	String found in binary or memory: https://service.force.com
Source: 000003.log0.26.dr	String found in binary or memory: https://service.force.com/
Source: 3cac65354664bc92_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/client/invite.esw.min.js
Source: 3cac65354664bc92_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/client/invite.esw.min.jsaD
Source: 0bc875f6b0dba4f8_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.js
Source: 0bc875f6b0dba4f8_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.jsaD
Source: Current Session.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/esw.html?parent=https://www.salesforce.com/eu/?ir=1
Source: Current Session.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/esw.html?parent=https://www.salesforce.com/form/signup
Source: 9ea916fdfec0cb6a_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/eswFrame.min.js
Source: 9ea916fdfec0cb6a_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/eswFrame.min.jsaD
Source: dba44b103371b327_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/frame/broadcast.esw.min.js
Source: dba44b103371b327_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/frame/broadcast.esw.min.jsa
Source: dba44b103371b327_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/frame/broadcast.esw.min.jsaD
Source: ef24e6411693ffdb_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/frame/chasitor.esw.min.js
Source: ef24e6411693ffdb_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/frame/chasitor.esw.min.jsaD
Source: a11eb6a8d0c731c5_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/frame/session.esw.min.js
Source: a11eb6a8d0c731c5_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/frame/session.esw.min.jsaD
Source: 25654a32fd1008c8_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/utils/common.min.js
Source: 25654a32fd1008c8_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/utils/common.min.jsaD
Source: 0396d3d509d4a2cd_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/utils/inert.min.js
Source: 0396d3d509d4a2cd_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/utils/inert.min.jsa
Source: 0396d3d509d4a2cd_0.26.dr	String found in binary or memory: https://service.force.com/embeddedservice/5.0/utils/inert.min.jsaD
Source: 000003.log4.26.dr	String found in binary or memory: https://service.force.com4_https://service.force.com
Source: 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://ssl.gstatic.com
Source: b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://stats.g.doubleclick.net
Source: messages.json80.26.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json80.26.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: Current Session.26.dr	String found in binary or memory: https://test.salesforce.com
Source: Favicons.26.dr	String found in binary or memory: https://test.salesforce.com/
Source: History.26.dr	String found in binary or memory: https://test.salesforce.com/Login
Source: Favicons.26.dr	String found in binary or memory: https://test.salesforce.com/favicon.ico
Source: Favicons.26.dr	String found in binary or memory: https://test.salesforce.com/favicon.icoF
Source: 5b74b1b4f6d81fb6_0.26.dr	String found in binary or memory: https://test.salesforce.com/jslibrary/LoginHint208.js
Source: 6f8e9e20624feab5_0.26.dr	String found in binary or memory: https://test.salesforce.com/jslibrary/LoginMarketingSurveyResponse.js
Source: bb0bdb1c9802b1a5_0.26.dr	String found in binary or memory: https://test.salesforce.com/jslibrary/SessionServer212.js
Source: 79f5d96c6b810deb_0.26.dr	String found in binary or memory: https://test.salesforce.com/jslibrary/SfdcSessionBase208.js
Source: 327c4c88ec613485_0.26.dr	String found in binary or memory: https://test.salesforce.com/jslibrary/baselogin4.js
Source: Current Session.26.dr	String found in binary or memory: https://test.salesforce.com/login/sessionserver212.html
Source: History.26.dr, Current Session.26.dr	String found in binary or memory: https://test.salesforce.com/s.gif
Source: History.26.dr	String found in binary or memory: https://test.salesforce.com/s.gif/%
Source: Current Session.26.dr	String found in binary or memory: https://test.salesforce.comh
Source: 42c6ff745afae2c3_0.26.dr	String found in binary or memory: https://trailhead.salesforce.com
Source: 736dae025bf56775_0.26.dr, 132f97af514833fb_0.26.dr, 556a4170dda59162_0.26.dr, b0295a7178bb3ce1_0.26.dr, f43de13992f2b559_0.26.dr	String found in binary or memory: https://vidyard.com/
Source: dd162f458a1a44f0_0.26.dr	String found in binary or memory: https://vidyard.com/atum
Source: a9a521ff86fc92b5_0.26.dr	String found in binary or memory: https://vidyard.com/e
Source: AcroRd32.exe, 00000001.00000000.357996503.000000000B630000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.356835868.000000000B58F000.00000004.00000001.sdmp	String found in binary or memory: https://www.denverwater.org/
Source: Denver Water COVID-19 Response _ City of Denver.pdf	String found in binary or memory: https://www.denverwater.org/)
Source: AcroRd32.exe, 00000001.00000000.370130068.0000000008B8D000.00000002.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://www.google-analytics.com
Source: 93bbeae5ab81f683_0.26.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: 3246e51d8c77b25d_0.26.dr	String found in binary or memory: https://www.google-analytics.com/plugins/ua/linkid.js
Source: b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://www.google.ch
Source: manifest.json0.26.dr, 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.26.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.26.dr	String found in binary or memory: https://www.google.com;
Source: 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.26.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.26.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.26.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.26.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.26.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.26.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.26.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.26.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.26.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.26.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.26.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.26.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.26.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://www.googletagmanager.com
Source: 80ece99a40e83f71_0.26.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-5NFPC39&l=dataLayer
Source: 3abc09c1ee5bab79_0.26.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-N4QVCLK&l=dataLayer
Source: bc7c51ee3e045af3_0.26.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-WRXS6TH
Source: 8ee3aa41637b3855_0.26.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-WW6VQTG&l=dataLayer
Source: 1a1e459d-a967-46dc-897d-fd7305c61dc1.tmp.27.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.26.dr	String found in binary or memory: https://www.gstatic.com;
Source: 000003.log4.26.dr, Current Session.26.dr, 2e7676b1-acb5-4368-a098-b2f84c227168.tmp.27.dr, 4307a062-8872-4482-a81f-1d02927d294a.tmp.27.dr, b7daa131-e039-4790-9e53-3c8cd4d72f2b.tmp.27.dr	String found in binary or memory: https://www.salesforce.com
Source: 000003.log0.26.dr	String found in binary or memory: https://www.salesforce.com/
Source: History.26.dr	String found in binary or memory: https://www.salesforce.com/CRM
Source: 000003.log0.26.dr	String found in binary or memory: https://www.salesforce.com/content/dam/web/en_us/shared/pilot/chat-rep-ishani.jpg
Source: 000003.log0.26.dr	String found in binary or memory: https://www.salesforce.com/content/dam/web/en_us/shared/pilot/chat-rep-natalie.jpg#main
Source: 000003.log0.26.dr	String found in binary or memory: https://www.salesforce.com/content/dam/web/en_us/shared/pilot/male-2-small
Source: 6e09dafe5c7cfc2e_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/scriptloader.bundle.52bc5e074c2de27d5cb2.js
Source: 6e09dafe5c7cfc2e_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/scriptloader.bundle.52bc5e074c2de27d5cb2.jsa
Source: f6cf5d7476b67c7b_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/utils.bundle.52bc5e074c2de27d5cb2.js
Source: f6cf5d7476b67c7b_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/utils.bundle.52bc5e074c2de27d5cb2.jsa
Source: f6cf5d7476b67c7b_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/utils.bundle.52bc5e074c2de27d5cb2.jsaD
Source: 843d94da67332a67_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/vendors~scriptloader.bundle.52bc5e074c2de27d
Source: 508bf6a9bb984fde_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/vendors~scriptloader~utils.bundle.52bc5e074c
Source: 7c5e82b44ef8024f_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/vendors~utils~webpack-script-manifest-SfdcWw
Source: baf2de91df5dbb2a_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/vendors~webpack-script-manifest-SfdcWwwBaseC
Source: ec0ab1be94b10e9e_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/vendors~webpack-script-manifest-liveChat-js.
Source: bdfaf3b844696a2a_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/webpack-script-manifest-commonlyUsed-js.bund
Source: 97555950e9d5de8b_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/webpack-script-manifest-commonlyUsed-js~webp
Source: 52d0ddbfe624f231_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/webpack-script-manifest-config-js.bundle.52b
Source: 2b2eec19ea6624dd_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/webpack-script-manifest-formContainerV2-js.b
Source: 88729b22c6aa6aa1_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/webpack-script-manifest-linkedData-js.bundle
Source: feed4e595e1d1b2f_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/webpack-script-manifest-liveChat-js.bundle.5
Source: 8df4d34bded30d9b_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.bundles/sfdc-www/bundles/webpack-script-manifest-optimizely-js.bundle
Source: b74f6f518defb679_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.clientlibs/clientlibs/granite/jquery.min.8e23e5ad8c1b5c588cca8d71df0a
Source: 93e4048c01583079_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.e67470fde615e2d442e0
Source: b012c3ddd10ba66c_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.clientlibs/clientlibs/granite/utils.min.308082b4c347f4fec37ffef277d39
Source: 093e8d39c8dba529_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.clientlibs/cq/personalization/clientlib/personalization/kernel.min.01
Source: 93340faf42400463_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc.clientlibs/foundation/clientlibs/shared.min.d8eee0685f08a5253a1d753a2
Source: daf071074f583402_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/granite/lodash/modern.min.3a0ad4c7614495b1cae264dfcb9b9813
Source: 99e6f354344db044_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/granite/lodash/modern.min.c91f245fca10db8928d5.js
Source: 42c6ff745afae2c3_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/clientlibs_analytics_bottom.min.5f37c69aa5
Source: 0b7793b866733cfc_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/clientlibs_analytics_bottom/js/platforms/a
Source: 531c816c76f5d016_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/clientlibs_analytics_login_bottom.min.9c3f
Source: 93a844b8cb7f86d8_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/clientlibs_analytics_login_top.min.301d6a7
Source: 1c26761dbfc2c2a4_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/clientlibs_analytics_top.min.301d6a760140b
Source: d14227ee80a030c4_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/clientlibs_analytics_top.min.c91f245fca10d
Source: a023156a068fd8d8_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/clientlibs_evergage.min.93d25246841f4d9f30
Source: ac38256b09453608_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/clientlibs_onetrust.min.c91f245fca10db8928
Source: 6b359ac456b8f1e5_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/clientlibs_onetrust.min.d956db948796236838
Source: b215239729a62c6e_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/clientlibs_www_tags.min.49c634c0df8e725801
Source: c2265b0742ce3a13_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/sfdc_jquery.min.c91f245fca10db8928d5.js
Source: d0ea8771081755b0_0.26.dr	String found in binary or memory: https://www.salesforce.com/etc/clientlibs/sfdc-aem-master/sfdc_jquery.min.d6ea05d15a13f90cbddc2a00c4
Source: Favicons.26.dr	String found in binary or memory: https://www.salesforce.com/etc/designs/sfdc-www/en_ie/favicon.ico
Source: Favicons.26.dr	String found in binary or memory: https://www.salesforce.com/etc/designs/sfdc-www/en_ie/favicon.ico.
Source: Favicons.26.dr	String found in binary or memory: https://www.salesforce.com/etc/designs/sfdc-www/en_us/favicon.ico
Source: Favicons.26.dr	String found in binary or memory: https://www.salesforce.com/etc/designs/sfdc-www/en_us/favicon.ico;
Source: Current Session.26.dr, 000003.log0.26.dr	String found in binary or memory: https://www.salesforce.com/eu/?ir=1
Source: Current Session.26.dr	String found in binary or memory: https://www.salesforce.com/eu/?ir=1:CRM
Source: History.26.dr	String found in binary or memory: https://www.salesforce.com/eu/?ir=1CRM
Source: Current Session.26.dr, 000003.log0.26.dr	String found in binary or memory: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147
Source: Current Session.26.dr, 000003.log0.26.dr	String found in binary or memory: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main
Source: Current Session.26.dr	String found in binary or memory: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#mainS
Source: History.26.dr	String found in binary or memory: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#mainSales
Source: History.26.dr	String found in binary or memory: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147Sales
Source: Current Session.26.dr	String found in binary or memory: https://www.salesforce.com/leadcapture/SignupServlet
Source: 000003.log4.26.dr	String found in binary or memory: https://www.salesforce.com_oeu1626478795334r0.12259404291072418$$10681260716$$layer_map
Source: 000003.log4.26.dr	String found in binary or memory: https://www.salesforce.com_oeu1626478795334r0.12259404291072418$$10681260716$$layer_states
Source: 000003.log4.26.dr	String found in binary or memory: https://www.salesforce.com_oeu1626478795334r0.12259404291072418$$10681260716$$session_stateZ
Source: 000003.log4.26.dr	String found in binary or memory: https://www.salesforce.com_oeu1626478795334r0.12259404291072418$$10681260716$$tracker_optimizely
Source: 000003.log4.26.dr	String found in binary or memory: https://www.salesforce.com_oeu1626478795334r0.12259404291072418$$10681260716$$variation_map
Source: 000003.log4.26.dr	String found in binary or memory: https://www.salesforce.com_oeu1626478795334r0.12259404291072418$$10681260716$$visitor_profile
Source: 000003.log4.26.dr	String found in binary or memory: https://www.salesforce.com_pending_events
Source: Current Session.26.dr	String found in binary or memory: https://www.salesforce.comh

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49686
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49676
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 13.110.37.182:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.37.182:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.37.182:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.155.195:443 -> 192.168.2.5:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.114:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.192.141.216:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.211.113.33:443 -> 192.168.2.5:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.76.54.153:443 -> 192.168.2.5:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.192.114:443 -> 192.168.2.5:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.1.220.4:443 -> 192.168.2.5:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.46.75:443 -> 192.168.2.5:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 161.71.8.169:443 -> 192.168.2.5:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.114:443 -> 192.168.2.5:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 161.71.8.169:443 -> 192.168.2.5:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.1.220.4:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.1.220.4:443 -> 192.168.2.5:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 161.71.8.169:443 -> 192.168.2.5:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.225.136.92:443 -> 192.168.2.5:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.66.106:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49898 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.153.66:443 -> 192.168.2.5:49905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.222.153.66:443 -> 192.168.2.5:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.205.5.87:443 -> 192.168.2.5:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49947 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.69.75:443 -> 192.168.2.5:49974 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.225.136.92:443 -> 192.168.2.5:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.248.156.174:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:50001 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:50038 version: TLS 1.2

System Summary:

Unable to load, office file is protected or invalid

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Window title found: forgot your password | salesforce - google chrome chrome legacy window

Classification label

Source: classification engine

Classification label: clean5.winPDF@56/327@67/33

Clickable URLs found in PDF

Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0f4t000000q3wkuai/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0E4T000000O5asUAC/related/All_Service_s_Sites__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/0014T000004o6JxQAI/related/Services__r/view?ws=%2Flightning%2Fr%2FAccount%2F0014T000004o6JxQAI%2Fview
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: javascript:void\(0\
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/Service__c/a0E4T000000O5asUAC/view?ws=%2Flightning%2Fr%2FAccount%2F0014T000004o6JxQAI%2Fview
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/account/0014t000004o6jxqai/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/service__c/a0e4t000000o5asuac/related/hours_of_operations__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/Service__c/a0E4T000000O5asUAC/related/Zip_City_County_Assignments__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/service__c/a0e4t000000o5asuac/view?ws=%2flightning%2fr%2faccount%2f0014t000004o6jxqai%2fview
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a004t000001gg7wqau/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/runtime_sales_activities/activityViewAll.app?parentRecordId=a0E4T000000O5asUAC
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0e4t000000o5asuac/related/all_service_s_sites__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/Service__c/a0E4T000000O5asUAC/related/Taxo__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://www.denverwater.org/
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a004t000001gg7xqau/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/0014t000004o6jxqai/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0a4t000000hqhzqam/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0e4t000000o5asuac/related/taxo__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/service__c/a0e4t000000o5asuac/related/taxo__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a004T000001gG7WQAU/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0E4T000000O5asUAC/related/Zip_City_County_Assignments__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/Service__c/a0E4T000000O5asUAC/related/Hours_of_Operations__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0h4t000003enmwqai/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/runtime_sales_activities/activityviewall.app?parentrecordid=a0e4t000000o5asuac
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/service__c/a0e4t000000o5asuac/related/zip_city_county_assignments__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0e4t000000o5asuac/related/zip_city_county_assignments__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0F4T000000q3WkUAI/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0E4T000000O5asUAC/related/Taxo__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a014t000003ranoqao/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0e4t000000o5asuac/related/hours_of_operations__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0E4T000000O5asUAC/related/Hours_of_Operations__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/0014t000004o6jxqai/related/services__r/view?ws=%2flightning%2fr%2faccount%2f0014t000004o6jxqai%2fview
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/0014T000004o6JxQAI/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/Service__c/a0E4T000000O5asUAC/related/All_Service_s_Sites__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a004T000001gG7XQAU/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0a4T000000hQHzQAM/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a004t000001gg7zqau/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/service__c/a0e4t000000o5asuac/related/all_service_s_sites__r/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a014T000003RANoQAO/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a0h4T000003enMwQAI/view
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: https://milehighunitedway.lightning.force.com/lightning/r/a004T000001gG7ZQAU/view

Creates files inside the program directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Creates files inside the user directory

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Creates temporary files

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx

Jump to behavior

Reads ini files

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Denver Water COVID-19 Response _ City of Denver.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Denver Water COVID-19 Response _ City of Denver.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12047842394824068586 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12047842394824068586 --renderer-client-id=2 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=16938848815433914037 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=787724751391022994 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=787724751391022994 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=16674541699487182290 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16674541699487182290 --renderer-client-id=5 --mojo-platform-channel-handle=2128 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/view'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,8292458995521785639,16987803382321267150,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1736 /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Denver Water COVID-19 Response _ City of Denver.pdf'			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/view'			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12047842394824068586 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12047842394824068586 --renderer-client-id=2 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=16938848815433914037 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=787724751391022994 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=787724751391022994 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=16674541699487182290 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16674541699487182290 --renderer-client-id=5 --mojo-platform-channel-handle=2128 --allow-no-sandbox-job /prefetch:1			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,8292458995521785639,16987803382321267150,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1736 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Uses Rich Edit Controls

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Creates a directory in C:\Program Files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

PDF has a JavaScript or JS counter value indicative of goodware

Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: PDF keyword /JS count = 0
Source: Denver Water COVID-19 Response _ City of Denver.pdf	Initial sample: PDF keyword /JavaScript count = 0

PDF has an EmbeddedFile counter value indicative of goodware

Source: Denver Water COVID-19 Response _ City of Denver.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

PDF has an endobj counter value indicative of goodware

Source: Denver Water COVID-19 Response _ City of Denver.pdf

Initial sample: PDF keyword endobj count = 515

PDF has an obj counter value indicative of goodware

Source: Denver Water COVID-19 Response _ City of Denver.pdf

Initial sample: PDF keyword obj count = 515

Hooking and other Techniques for Hiding and Protection:

Disables application error messsages (SetErrorMode)

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion:

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Source: AcroRd32.exe, 00000001.00000000.362588309.000000000CE78000.00000004.00000001.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

HIPS / PFW / Operating System Protection Evasion:

May try to detect the Windows Explorer process (often used for injection)

Source: AcroRd32.exe, 00000001.00000000.367482505.0000000005850000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000000.367482505.0000000005850000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000000.367482505.0000000005850000.00000002.00000001.sdmp	Binary or memory string: SProgram Managerl
Source: AcroRd32.exe, 00000001.00000000.367482505.0000000005850000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd,
Source: AcroRd32.exe, 00000001.00000000.367482505.0000000005850000.00000002.00000001.sdmp	Binary or memory string: Progmanlock