ID: 115986
Sample Name: Proposal2019.pdf
Cookbook: defaultwindowspdfcookbook.jbs
Time: 01:06:16
Date: 12/03/2019
Version: 25.0.0 Tiger's Eye
Table of Contents

Analysis Report Proposal2019.pdf
  Overview
    General Information
    Detection
    Confidence
    Classification
    Analysis Advice
    Mitre Att&ck Matrix
    Signature Overview
      Phishing
      Software Vulnerabilities
      Networking
      System Summary
      Data Obfuscation
      Hooking and other Techniques for Hiding and Protection
      Malware Analysis System Evasion
      HIPS / PFW / Operating System Protection Evasion
    Behavior Graph
    Simulations
      Behavior and APIs
    Antivirus Detection
      Initial Sample
      Dropped Files
      Unpacked PE Files
      Domains
      URLs
    Yara Overview
      Initial Sample
      PCAP (Network Traffic)
      Dropped Files
      Memory Dumps
      Unpacked PEs
    Joe Sandbox View / Context
      IPs
      Domains
      ASN
      JA3 Fingerprints
      Dropped Files
    Screenshots
      Thumbnails
  Startup
  Created / dropped Files
  Domains and IPs
    Contacted Domains
    URLs from Memory and Binaries
    Contacted IPs
      Public
  Static File Info
    General
    File Icon
    Static PDF Info
      General
      Keywords Statistics
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTPS Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: AcroRd32.exe PID: 4700 Parent PID: 4112
      General
      File Activities
        File Created
        File Read
      Registry Activities
        Key Created
        Key Value Created
    Analysis Process: AcroRd32.exe PID: 2512 Parent PID: 4700
      General
      File Activities
        File Created
        File Deleted
        File Written
        File Read
      Registry Activities
        Key Value Created
        Key Value Modified
    Analysis Process: RdrCEF.exe PID: 4408 Parent PID: 4700
      General
      File Activities
        File Created
        File Deleted
        File Moved
        File Written
        File Read
    Analysis Process: RdrCEF.exe PID: 4036 Parent PID: 4408
      General
      File Activities
        File Read
    Analysis Process: RdrCEF.exe PID: 704 Parent PID: 4408
      General
      File Activities
        File Read
    Analysis Process: RdrCEF.exe PID: 4448 Parent PID: 4408
      General
      File Activities
        File Read
    Analysis Process: RdrCEF.exe PID: 5196 Parent PID: 4408
      General
      File Activities
        File Read
    Analysis Process: RdrCEF.exe PID: 5328 Parent PID: 4408
      General
    Analysis Process: RdrCEF.exe PID: 5432 Parent PID: 4408
      General
    Analysis Process: AdobeARM.exe PID: 5780 Parent PID: 4700
      General
    Analysis Process: iexplore.exe PID: 5832 Parent PID: 4700
      General
    Analysis Process: iexplore.exe PID: 5880 Parent PID: 5832
      General
    Analysis Process: AdobeARM.exe PID: 5496 Parent PID: 5780
      General
  Disassembly

Copyright Joe Security LLC 2019 Page 2 of 80
Analysis Report Proposal2019.pdf
Overview
General Information
Joe Sandbox Version: 25.0.0 Tiger's Eye
Analysis ID: 115986
Start date: 12.03.2019
Start time: 01:06:16
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 13m 18s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Proposal2019.pdf
Cookbook file name: defaultwindowspdfcookbook.jbs
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of new started processes analysed: 31
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled
Detection: MAL
Classification: mal48.winPDF@24/408@18/8
Cookbook Comments:
  Adjust boot time
  Enable AMSI
  Found application associated with file extension: .pdf
  Found PDF document
  Find and activate links
  Security Warning found
  Close Viewer
  Browsing link: https://www.facebook.com/brillianceautobody
  Browsing link: https://brillianceautobody.com/feed/
Warnings:
  Connection to analysis system has been lost, crash info: Unknown
  TCP Packets have been reduced to 100
  Created / dropped Files have been reduced to 100
  Exclude process from analysis (whitelisted): taskhostw.exe, sc.exe, dllhost.exe, TiWorker.exe, wermgr.exe, SIHClient.exe, MusNotifyIcon.exe, conhost.exe, CompatTelRunner.exe, svchost.exe, TrustedInstaller.exe
  Report size exceeded maximum capacity and may have missing behavior information.
  Report size getting too big, too many NtCreateFile calls found.
  Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection
  Strategy: Threshold
  Score: 48
  Range: 0 - 100
  Reporting: Report FP / FN
  Whitelisted: false

Confidence
  Strategy: Threshold
  Score: 5
  Range: 0 - 5
  Further Analysis Required?: false
Classification
Analysis Advice
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Mitre Att&ck Matrix
(two rows per tactic column; the trailing number is the signature count the report attaches to that technique)

  Initial Access: Valid Accounts; Replication Through Removable Media
  Execution: Exploitation for Client Execution 3; Service Execution
  Persistence: Winlogon Helper DLL; Port Monitors
  Privilege Escalation: Process Injection 1; Accessibility Features
  Defense Evasion: Process Injection 1; Binary Padding
  Credential Access: Credential Dumping; Network Sniffing
  Discovery: Process Discovery 1; Application Window Discovery
  Lateral Movement: Application Deployment Software; Remote Services
  Collection: Data from Local System; Data from Removable Media
  Exfiltration: Data Encrypted 1; Exfiltration Over Other Network Medium
  Command and Control: Standard Non-Application Layer Protocol 2; Standard Application Layer Protocol 2
(Classification chart, belonging to the Classification section above: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner, each rated on the scale clean / suspicious / malicious; the per-category ratings are not recoverable from the extracted text.)
Signature Overview
• Phishing
• Software Vulnerabilities
• Networking
• System Summary
• Data Obfuscation
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• HIPS / PFW / Operating System Protection Evasion
Phishing:
Suspicious form URL found
Unusual large HTML page
META author tag missing
META copyright tag missing
Software Vulnerabilities:
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Networking:
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Found strings which match to known social media urls
Performs DNS lookups
Urls found in memory or binary data
Uses HTTPS
System Summary:
Potential malicious clickable URLs found in PDF
Classification label
Clickable URLs found in PDF
Creates files inside the user directory
Creates temporary files
Reads ini files
Spawns processes
Writes ini files
Uses Rich Edit Controls
Found graphical window changes (likely an installer)
Uses new MSVCR Dlls
PDF has a JavaScript or JS counter value indicative of goodware
PDF has an EmbeddedFile counter value indicative of goodware
Data Obfuscation:
PDF has an OpenAction (likely to launch a dropper script)
Hooking and other Techniques for Hiding and Protection:
Disables application error messages (SetErrorMode)
Malware Analysis System Evasion:
Queries a list of all running processes
HIPS / PFW / Operating System Protection Evasion:
Writes to foreign memory regions
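The System Summary and Data Obfuscation signatures above (clickable URLs, an OpenAction, JavaScript and EmbeddedFile counters) are the kind of result a pdfid-style keyword scan produces. The script below is an added example, not part of the Joe Sandbox report and not the sandbox's own code: it counts the risk-relevant PDF names in the raw object text, undoes the `#XX` name escaping that is used to hide `/JavaScript` from naive scanners, pulls every `/URI` target out of link annotations, and lists the reasons a file deserves a closer look. The embedded PDF is constructed for the example; it reuses the two link targets the report recorded the sandbox browsing to, and the `trusted_hosts` allowlist is an assumption the analyst supplies. One caveat is built into the comments: a bare keyword count cannot see into compressed object streams, and an OpenAction by itself is common in benign files (the report's own JS counter signature points at goodware), so the count is a prompt to look at what the action references, not a verdict.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: a minimal, uncompressed PDF with an /OpenAction that runs
# JavaScript and two clickable link annotations. It is not the sample analysed
# in the report; the two URLs are the ones the report recorded Reader opening.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [6 0 R 7 0 R] >> endobj
4 0 obj << /Length 0 >> stream
endstream endobj
5 0 obj << /S /#4AavaScript /JS (app.launchURL('https://www.brillianceautobody.com/*%26%5E%25', true);) >> endobj
6 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720] /A << /S /URI /URI (https://www.facebook.com/brillianceautobody) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /Rect [72 650 300 670] /A << /S /URI /URI (https://brillianceautobody.com/feed/) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Names a pdfid-style triage reports; the Joe Sandbox signatures on this page
# key on /OpenAction, /JS, /JavaScript and /EmbeddedFile.
KEYWORDS = ("/OpenAction", "/AA", "/JS", "/JavaScript", "/Launch",
            "/EmbeddedFile", "/URI", "/AcroForm", "/ObjStm", "/XFA")

_HEX_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalise_names(data: bytes) -> bytes:
    """Undo PDF name hex escapes (/#4AavaScript -> /JavaScript) so a keyword
    count cannot be dodged by encoding a few letters. Applied to the whole
    buffer, which is good enough for triage but would also touch a '#' inside
    a string literal."""
    return _HEX_NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def keyword_counts(data: bytes) -> dict:
    """Count risk-relevant names in the raw (uncompressed) object text.
    Objects inside compressed /ObjStm streams are invisible to this count; a
    non-zero /ObjStm count is therefore itself a reason to inflate and rescan."""
    text = normalise_names(data)
    counts = Counter()
    for kw in KEYWORDS:
        # A name ends at whitespace or a delimiter, so /JS must not match /JSX.
        counts[kw] = len(re.findall(re.escape(kw.encode()) + rb"(?![A-Za-z0-9_])", text))
    return dict(counts)

_URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")

def clickable_urls(data: bytes) -> list:
    """Return the target of every /URI action, in document order."""
    return [m.group(1).decode("latin-1") for m in _URI_RE.finditer(normalise_names(data))]

def triage(data: bytes, trusted_hosts=()) -> dict:
    """Summarise why a PDF deserves a closer look. trusted_hosts is an assumed
    allowlist of host names the analyst considers expected for this document."""
    counts = keyword_counts(data)
    urls = clickable_urls(data)
    untrusted = [u for u in urls if urlparse(u).hostname not in trusted_hosts]
    reasons = []
    if counts["/OpenAction"] or counts["/AA"]:
        # Benign files use OpenAction for a page destination too; inspect the target.
        reasons.append("automatic action on open (OpenAction/AA)")
    if counts["/JS"] or counts["/JavaScript"]:
        reasons.append("embedded JavaScript")
    if counts["/Launch"]:
        reasons.append("Launch action")
    if untrusted:
        reasons.append("clickable URLs to %d untrusted host(s)" % len(untrusted))
    return {"counts": counts, "urls": urls, "untrusted_urls": untrusted, "reasons": reasons}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PDF).items():
        print(key, value)
```

Run it against a real document with `triage(open(path, "rb").read(), trusted_hosts=(...))`; where `/ObjStm` is non-zero, decompress the streams first (for instance with a PDF parsing library) and feed the inflated text back through `keyword_counts`, since that is exactly where a hostile document keeps its JavaScript.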
Behavior Graph
  ID: 115986
  Sample: Proposal2019.pdf
  Startdate: 12/03/2019
  Architecture: WINDOWS
  Score: 48

  Process tree as drawn in the graph (the numbers on a node are its created-file and created-registry-value badges):
    AcroRd32.exe [badges 15, 42] (signature: Potential malicious clickable URLs found in PDF)
      started AcroRd32.exe [badges 5, 8]
      started RdrCEF.exe [badge 5]
        started RdrCEF.exe, RdrCEF.exe, RdrCEF.exe and 3 other processes
      started AdobeARM.exe
        started AdobeARM.exe
      started iexplore.exe (signature: Writes to foreign memory regions)
        started iexplore.exe (signature: Writes to foreign memory regions)

  Network nodes in the graph:
    www.brillianceautobody.com, brillianceautobody.com
    fbsbx.com: 157.240.20.35, port 443, local ports 49856, 49857; ASN unknown; United States
    googlehosted.l.googleusercontent.com: 172.217.168.33, port 443, local ports 49838, 49839; ASN unknown; United States
    17 other IPs or domains
    3.3.0.2; ASN unknown; United States (this string is the --gpu-driver-version value on the RdrCEF.exe command lines in the Startup section below, which the graph has rendered as if it were a contacted IP)

Simulations

Behavior and APIs
No simulations
Antivirus Detection

Initial Sample
  No Antivirus matches

Dropped Files
  No Antivirus matches

Unpacked PE Files
  No Antivirus matches

Domains
  Source: brillianceautobody.com; Detection: 2%; Scanner: virustotal

URLs
  (every entry below: Detection 0%, Scanner Avira URL Cloud, Label safe)
  https://brillianceautobody.com/hello-world/#comments
  https://brillianceautobody.com
  www.radpdf.com)/Author(Heidi
  https://brillianceautobody.com/left-sidebar-blog-post/
  https://brillianceautobody.com/?p=1
  https://brillianceautobody.com/hello-world/feed/
  https://brillianceautobody.com/left-sidebar-blog-post/#respond
  https://www.brillianceautobody.com/
  https://brillianceautobody.com/right-sidebar-blog-post/
  https://brillianceautobody.com/wp-content/plugins/wp_google_review/js/wp_google_review_script.js
  https://brillianceautobody.com/blog-post-with-comments/#comments
  https://brillianceautobody.com/left-sidebar-blog-post/feed/
  https://brillianceautobody.com/hello-world/
  https://brillianceautobody.com/right-sidebar-blog-post/feed/
  https://brillianceautobody.com/feed/obody
  https://brillianceautobody.com/feed/
  https://brillianceautobody.com/wp-includes/js/jquery/jquery.js
  https://brillianceautobody.com/google_rcount/?urls=https%3A%2F%2Fbrillianceautobody.com%2F
  https://brillianceautobody.com/wp-content/plugins/wp_google_review/css/A.wp_google_review_style.css
  https://brillianceautobody.com/blog-post-with-comments/feed/
  https://brillianceautobody.com/right-sidebar-blog-post/#respond
  https://brillianceautobody.com/blog-post-with-comments/
  https://brillianceautobody.com/
  https://brillianceautobody.com/full-width-blog-post/
  https://brillianceautobody.com/wp-content/plugins/wp_google_review/images/site/google.png
  https://brillianceautobody.com/wp-content/uploads/2019/01/cropped-cropped-favicon-carworld-info-32x3
  https://brillianceautobody.com/full-width-blog-post/feed/
  https://brillianceautobody.com/full-width-blog-post/#respond

Yara Overview

Initial Sample
  No yara matches

PCAP (Network Traffic)
  No yara matches

Dropped Files
  No yara matches

Memory Dumps
  No yara matches

Unpacked PEs
  No yara matches

Joe Sandbox View / Context
(For each match: the other analysed samples or URLs that shared it, the sandbox's verdict for them, and the context value recorded for that analysis. The "Get hash" and "Browse" link texts of the original tables are omitted.)

IPs
  216.58.215.225
    laurenteffel.com (malicious; context afs.googleusercontent.com/dp-sedo/bullet_lime.gif)
  185.60.216.35 (every entry malicious; context www.facebook.com/up/fff888.php)
    14452342.js
    668923647.js
    668923647.js
    145897.js
    41893745.js
    41893745.js
    145897.js
    158932045.js
    722837456.js
    722837456.js
    14452342.js

Domains
  fbsbx.com (every entry malicious; context is the IP the domain resolved to in that analysis)
    www.unitedcpbocaraton.com (157.240.20.35)
    www.eduwhiz.in/zzz.php (157.240.22.35)
    https://www.buyparrotonline.com (157.240.22.35)
    www.edilportale.com/ (31.13.91.36)
    www.fgaspari.com.br/fgaspari_antigo/email_mkt/parcelas_vencidas/gustavohenrique/about-fr.php?science=s28na6a1wd3 (31.13.71.36)
    https://bit.ly/2KqDigT (157.240.20.35)
    www.argosrl.com (31.13.92.36)
    www.provitec.fr (185.60.216.35)
    www.prolocosassidimatera.it (185.60.216.35)
    portableapps.com/apps/internet (185.60.216.35)
    www.egtenterprise.com (185.60.216.35)
    https://spleenzhudson.com/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid= (185.60.216.35)
    https://guesthousecusco.com (185.60.216.35)
    www.letmegooglethat.com/ (31.13.69.228)
    https://support.netviewhelpdesk.com/helpdesk/tickets/1734 (157.240.21.35)
    https://support.netviewhelpdesk.com/helpdesk/tickets/1734 (179.60.192.36)
    The Global Petroleum Data Management Forum Agenda.pdf (31.13.84.36)
    www.benferri.es (157.240.14.35)
    www.knappassociatesinc.com (31.13.91.36)
  star-mini.c10r.facebook.com (every entry malicious; context is the IP the domain resolved to in that analysis)
    www.provitec.fr (31.13.91.36)
    mansiobbok.com (31.13.91.36)
    l.e.crainalerts.com/rts/go2.aspx?h=136632&tp=i-H43-Dt-2p1-CVvtZ-1o-4Npx-1c-CW37P-1Rcir&x=2249754 (185.60.216.35)
    www.prolocosassidimatera.it (157.240.20.35)
    3K5vNYYpLG.apk (31.13.84.36)
    198.54.117.200 (31.13.84.36)
    signdoceKS.pdf (185.60.216.35)
    portableapps.com/apps/internet (185.60.216.35)
    investips.my (31.13.86.36)
    wndnoodverlichting.be/?a (185.60.216.35)
    14452342.js (185.60.216.35)
    668923647.js (185.60.216.35)
    https://gitlab.com/anasilva1fui9b3qx/0800/raw/master/Dezembro-vivo.rar (31.13.86.36)
    core-tech.com/Corporation/En_us/Invoices-attached (31.13.92.36)
    www.radiancemetals.com/...... (31.13.86.36)
    WestpacOne#Statement.pdf (157.240.20.35)
    dicor.com.pl/c5 (157.240.20.35)
    1Love_You_6332472-2019-txt.js (31.13.75.36)
    www.egtenterprise.com (185.60.216.35)
    https://www.truesyd.com.au/000/Ovvice1/?VFSG!=Linda.Conacher@justice.wa.gov.au (31.13.75.36)

ASN
  unknown (every entry malicious; context is the IP recorded for that analysis; the report prints this entry twice with identical rows, once per ASN that could not be resolved)
    request.doc (192.168.0.44)
    FERK444259.doc (192.168.0.44)
    b392e93a5753601db564e6f2dc6a945aac3861bc31e2c1e5e7f3cd4e5bb150a4.js (192.168.0.40)
    Setup.exe (192.168.0.40)
    base64.pdf (192.168.0.40)
    file.pdf (192.168.0.40)
    Spread sheet 2.pdf (192.168.0.40)
    request_08.30.doc (192.168.0.44)
    P_2038402.xlsx (192.168.0.44)
    48b1cf747a678641566cd1778777ca72.apk (192.168.0.22)
    seu nome na lista de favorecidos.exe (192.168.0.40)
    Adm_Boleto.via2.com (192.168.0.40)
    QuitacaoVotorantim345309.exe (192.168.0.40)
    pptxb.pdf (192.168.0.40)

JA3 Fingerprints
  9e10692f1b7f78228b2d4e424db3a98c (every entry malicious; context for every entry: 31.13.75.12, 172.217.168.33, 31.13.75.36, 216.58.215.225, 69.16.220.44, 185.60.216.35)
    DOC1212122211111.pdf
    https://cardinalhealth.finance/disribution/
    here.skynnovations.com/availible/
    www.bit.ly/uBbdpe4BxwwuRFnfWgrj?dyu=pascal.martinet@safety-cuttingtools.com&&25.63.34.80&&cc0_34k3=safety-cuttingtools.com&sr=pascal.martinet@safety-cuttingtools.com&NOI8E6JE=safety-cuttingtools.com&sc-3d=pascal.martinet@safety-cuttingtools.com&&7165&&cc0_34k3=pascal%20martinet&YY0G3FG=safety-cuttingtools.com&sc-3d=pascal.martinet@safety-cuttingtools.com
    store.zionshope.org
    https://ware.in.net/pro/Onedrive/index.php
    Updated SOW.pdf
    www.egtenterprise.com
    https://www.truesyd.com.au/000/Ovvice1/?VFSG!=Linda.Conacher@justice.wa.gov.au
    https://www.truesyd.com.au/000/Ovvice1/?VFSG!=Linda.Conacher@justice.wa.gov.au
    www.zionshope.org
    Invoicepng (1).pdf
    Review.xps
    https://lootart.com/qtext/
    meadowss.gq
    https://nameserverip.xyz/sgn/D2019HL
    https://orlando.in.net/G5?POP!=jmarker@ckr.com
    https://angleshelf.sharepoint.com/:b:/s/ShapiroMasseyLLC/EZ2wTj09HkpIouJm6biidOwBQ1TN1ia5jLFP6D3lYHu1_Q?e=KJ4ytm
    https://thedevcomp.net/pop/login/index.php
    https://tryanmcv.com/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
  37f463bf4616ecd445d4a1937da06e19 (every entry malicious; context for every entry: 69.16.220.44)
    DOC1212122211111.pdf
    https://ware.in.net/pro/Onedrive/index.php
    8tu1gpC32.exe
    meadowss.gq
    https://nameserverip.xyz/sgn/D2019HL
    _2019_2016_11_05 PREVENTIVO GIULIANO PORTE CANTINA E BOX 210.js
    https://thedevcomp.net/pop/login/index.php
    30Love_You_2019_42213448-txt.js
    https://shallowbird.surge.sh/?r=q9PSIsInZhbHVlIjoiaWFKZjhxRytHM3paQWZiQTlPSFp4ZHYwbmllbXpEcGtlU055XC81a&u=YnVzeWJyYWluMTVAbHljb3MuY29t&e=dGFsYmFub0B3b3Jrc3RyaWRlLmNvbQ==
    Thankyou-Receipt#98415483.pdf
    45doc1648x.exe
    https://hot-men-spot.com/?u=bp2k605&o=xyzwzd3&m=1&t=jumbo8
    https://bab9000.ddns.net/k5
    11о заказе.js
    thyrsi.com
    10документ.js
    3о заказе.js
    https://spleenzhudson.com/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=
    79о заказе.js
    18о заказе.js
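The two JA3 hashes above are MD5s over the TLS ClientHello parameters a client sends (version, cipher suites, extension types, supported groups, point formats), so they identify a TLS stack, not a sample. In this run the TLS clients were Adobe Reader's CEF component and Internet Explorer on the Windows 10 image described under General Information, and the context list for the first hash contains 172.217.168.33, the same address googlehosted.l.googleusercontent.com resolved to in the Behavior Graph; the "seen in connection with other malware" signature therefore mostly says that other samples ran in the same environment and reached the same CDNs. The block below is an added example, not code from the report or from Joe Security: it builds a ClientHello from scratch, parses it back and computes the JA3 string and hash, dropping GREASE values as the reference implementation does so that two hellos that differ only in their GREASE entries fingerprint identically. The ClientHello bytes, cipher list and host name are constructed for the example and are not a capture from the analysed sample.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are dropped from every field, as in the reference
# JA3 implementation, so that clients which randomise them still hash alike.
GREASE = {0x0A0A, 0x1A1A, 0x2A2A, 0x3A3A, 0x4A4A, 0x5A5A, 0x6A6A, 0x7A7A,
          0x8A8A, 0x9A9A, 0xAAAA, 0xBABA, 0xCACA, 0xDADA, 0xEAEA, 0xFAFA}

def build_client_hello(version, ciphers, extensions):
    """Assemble a TLS ClientHello handshake message (no TLS record header).
    extensions is a list of (type, raw_extension_data) in wire order."""
    body = struct.pack("!H", version) + b"\x11" * 32 + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                          # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body          # type client_hello(1), 24-bit length

def sni(host):
    """server_name extension data for one DNS host name."""
    name = host.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    return struct.pack("!H", len(entry)) + entry

def u16_list(values):
    """Length-prefixed list of 16-bit values (supported_groups, signature_algorithms)."""
    return struct.pack("!H", 2 * len(values)) + b"".join(struct.pack("!H", v) for v in values)

# Constructed ClientHello: a TLS 1.2 hello offering two TLS 1.3 suites and one
# ECDHE suite, with GREASE entries sprinkled in. Not a capture from the
# analysed sample; the host name is the one the sandbox browsed to.
SAMPLE_CLIENT_HELLO = build_client_hello(
    0x0303,
    [0x0A0A, 0x1301, 0x1302, 0xC02B],
    [(0x0000, sni("www.brillianceautobody.com")),
     (0x000A, u16_list([0x2A2A, 0x001D, 0x0017])),   # supported_groups: x25519, secp256r1
     (0x000B, b"\x01\x00"),                          # ec_point_formats: uncompressed
     (0x3A3A, b""),                                  # GREASE extension
     (0x000D, u16_list([0x0403, 0x0804]))])          # signature_algorithms

def ja3(client_hello):
    """Parse a ClientHello and return (ja3_string, ja3_md5)."""
    if client_hello[0] != 1:
        raise ValueError("not a ClientHello")
    off = 4                                                      # skip type + 24-bit length
    version, = struct.unpack_from("!H", client_hello, off); off += 2
    off += 32                                                    # random
    off += 1 + client_hello[off]                                 # session id
    n, = struct.unpack_from("!H", client_hello, off); off += 2
    ciphers = [c for c in struct.unpack_from("!%dH" % (n // 2), client_hello, off) if c not in GREASE]
    off += n
    off += 1 + client_hello[off]                                 # compression methods
    ext_len, = struct.unpack_from("!H", client_hello, off); off += 2
    end = off + ext_len
    ext_types, groups, formats = [], [], []
    while off < end:
        t, ln = struct.unpack_from("!HH", client_hello, off); off += 4
        data = client_hello[off:off + ln]; off += ln
        if t in GREASE:
            continue
        ext_types.append(t)
        if t == 0x000A:                                          # supported_groups
            cnt, = struct.unpack_from("!H", data, 0)
            groups = [g for g in struct.unpack_from("!%dH" % (cnt // 2), data, 2) if g not in GREASE]
        elif t == 0x000B:                                        # ec_point_formats
            formats = list(data[1:1 + data[0]])
    fields = [str(version)] + ["-".join(str(v) for v in lst) for lst in (ciphers, ext_types, groups, formats)]
    s = ",".join(fields)
    return s, hashlib.md5(s.encode()).hexdigest()

if __name__ == "__main__":
    print(ja3(SAMPLE_CLIENT_HELLO))
```

To fingerprint real traffic, feed `ja3()` the handshake bytes that follow the 5-byte TLS record header of the first client message in a PCAP; the resulting hash is what the JA3 Fingerprints table matches on, and two different samples opened in the same Reader build on the same image will produce the same value.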
Dropped Files
  No context

Screenshots

Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Startup
System is w10x64
AcroRd32.exe (PID: 4700 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Proposal2019.pdf' MD5: 84E2B28A5B7221B3AAB82CD7CA4D6619)
AcroRd32.exe (PID: 2512 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Proposal2019.pdf' MD5: 84E2B28A5B7221B3AAB82CD7CA4D6619)
RdrCEF.exe (PID: 4408 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: C4531F5D235167293675FF6CE5472440)
RdrCEF.exe (PID: 4036 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x8086 --gpu-device-id=0xbeef --gpu-driver-vendor='Google Inc.' --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --service-request-channel-token=FFA7521D795E3804FF05BD02D82FA356 --mojo-platform-channel-handle=1664 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: C4531F5D235167293675FF6CE5472440)
RdrCEF.exe (PID: 704 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3F4DB22DDF2BDAD7AAA56DA1FA3098C2 --lang=en-US --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3F4DB22DDF2BDAD7AAA56DA1FA3098C2 --renderer-client-id=2 --mojo-platform-channel-handle=1688 --allow-no-sandbox-job /prefetch:1 MD5: C4531F5D235167293675FF6CE5472440)
RdrCEF.exe (PID: 4448 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=38EA98890F0A7C481CB832DA21BA7CBE --lang=en-US --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=38EA98890F0A7C481CB832DA21BA7CBE --renderer-client-id=4 --mojo-platform-channel-handle=1996 --allow-no-sandbox-job /prefetch:1 MD5: C4531F5D235167293675FF6CE5472440)
RdrCEF.exe (PID: 5196 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x8086 --gpu-device-id=0xbeef --gpu-driver-vendor='Google Inc.' --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --service-request-channel-token=C6B8DE71D474DFAEDF782A78DB74CB19 --mojo-platform-channel-handle=2008 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: C4531F5D235167293675FF6CE5472440)
RdrCEF.exe (PID: 5328 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x8086 --gpu-device-id=0xbeef --gpu-driver-vendor='Google Inc.' --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --service-request-channel-token=386DCD2592ACCE2DC4D0A17AC5491DFB --mojo-platform-channel-handle=2008 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: C4531F5D235167293675FF6CE5472440)
RdrCEF.exe (PID: 5432 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x8086 --gpu-device-id=0xbeef --gpu-driver-vendor='Google Inc.' --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --service-request-channel-token=1D13F00E7C8D7773A02D86A9A59E19E0 --mojo-platform-channel-handle=2456 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: C4531F5D235167293675FF6CE5472440)
AdobeARM.exe (PID: 5780 cmdline: 'C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe' /PRODUCT:Reader /VERSION:19.0 /MODE:3 MD5: BD7AE0AFFBB3A6FD52D956A5694C8073)
AdobeARM.exe (PID: 5496 cmdline: unknown MD5: BD7AE0AFFBB3A6FD52D956A5694C8073)
iexplore.exe (PID: 5832 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.brillianceautobody.com/*%26%5E%25 MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 5880 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5832 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Created / dropped Files
C:\ProgramData\Adobe\ARM\ArmReport.ini
Process: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
File Type: data
Size (bytes): 1562
Entropy (8bit): 3.700349945294377
Encrypted: false
MD5: ADB8E089AC28A33EEFED5CC238310C87
SHA1: 33FD1CB330C089D92662C83B834C502FCEB98BCA
SHA-256: 883BC95A720E7D6770BF9B76DBB256F3F75DAF6FB291DFCA8CFF6B0C0F513B1C
SHA-512: E9276A3E14244BDAD717240D98FE0ABF64286443EFCC23A16382204C4B2FCF972BECCABAEE4B160D21BCEC116C3FFAF9B500B8C2AAE1B18810269FB1E60870AD
Malicious: false
Reputation: moderate, very likely benign file
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1
Process: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type: data
Size (bytes): 296
Entropy (8bit): 0.48048783866246253
Encrypted: false
MD5: C75508706A6EE5BD173F744879915505
SHA1: C4FD72D2F3C56A0DE712E189EB955692631C7688
SHA-256: 34450D9BDB4042B2B4691035A3CF59A6550185EADEFB138B5E3EEEB4976D9D68
SHA-512: FE2E44F615EB185DB7007F56081F49CDBCF60F43BB371C20AD1E4A58B46C803B9B1D4813DFE2021AC9018626AFC51D9023D501137F3ECBBD0A078B7B0E1163E9
Malicious: false
Reputation: low
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
Process: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type: ASCII text
Size (bytes): 292
Entropy (8bit): 5.159015248092759
Encrypted: false
MD5: 67E45C41D896A667E5298513B0600F3D
SHA1: 268258DF406134587E4EE89282F2864231EEC09D
SHA-256: DFEB1AC2B6381E81257627A72DD13CE448CE31D47038EFB877B001668A5E4D23
SHA-512: FCC14D5A089BF04CCA03771E3CDB347562701F90012D2F7EC49631BEEA0A6C478D0AF60988C36CF392E380A4B4244788882ED6A5C30ECC05261F027FD4F291A3
Malicious: false
Reputation: low
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
Process: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type: data
Size (bytes): 786432
Entropy (8bit): 0.007288967095560976
Encrypted: false
MD5: 336C28F13C1112AE31FAA92B8C8ABB6B
SHA1: D157B3702F70AB4592B2A6CF8009E79914A38C5D
SHA-256: 1DDB4FE0D748439A512F161E89B0410DD4D7DD9D6EDF50774378FD7E2FA147DA
SHA-512: 807185E103B0B34716E24BFD84357A0A3DD0B4C34637E10DB0C103FBC9E8E2FE65333D11DD5175CB141DE1E6FBC52D956D694F368FBBD2C5DF55269E8F4BC869
Malicious: false
Reputation: moderate, very likely benign file
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-190312080710Z-214.bmp
Process: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type: PC bitmap, Windows 3.x format, 164 x -115 x 32
Size (bytes): 75494
Entropy (8bit): 2.7602343763071646
Encrypted: false
MD5: 56383B3F8431FBEFE1071ACDE6CFB828
SHA1: AB189D3AC6AB6B0467809DF55F88429D055FC1C7
SHA-256: B31844CC15644722969E2FE05CEF66CF27EA5026F1D55FF7CEE4B5F78860B842
SHA-512: 60D26112B99F3414D7D34BA2331805E61705216930B71BB3FC78153BD219DC4652D51DF4A951500BC7D8A643020881157299FAA946EB524E02E7D21644DA51E6
Malicious: false
Reputation: low
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Process: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type: SQLite 3.x database, last written using SQLite version 3024000
Size (bytes): 32768
Entropy (8bit): 3.385095979287055
Encrypted: false
MD5: 89F35EA569E48EB6835E1368AF6EDF1E
SHA1: 1D00E8BA3EF07EAC10114EDE9C86EB1C3B0A09AF
SHA-256: 4CABC4A32B2D3082AA6B4086B772E3470C66E1B425CF6EB502A2AD035DDC9E52
SHA-512: 40642A13F367B39141F910EAC0721E853080963930CF41CD0AB4D835D39E3E7986B65156797A505289848EA52090F452E72BF740EB352376CC79C40064862178
Malicious: false
Reputation: low
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
Process: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type: data
Size (bytes): 34928
Entropy (8bit): 3.2001371616463397
Encrypted: false
MD5: 44F2450D6C9E83DA9042970AFD12CC19
SHA1: 7A441B2870B0AD78EFD8ABBA9264B5020EE235D8
SHA-256: 00C53CB7CE3B9E3E84C2D13DD9FFD53315934D3C4DF128115A8C11F9D6126820
SHA-512: 688C7F4FF25FC0FCE40A84CE7CE45108FAA3E6125DACCCDD9F3E1BCD70A687049214765E319F63BA7CC39EB1C040E10031E04903117FC0D240FF0AD8E5242900
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E9ACF2FA-449D-11E9-AAD9-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 32856
Entropy (8bit): 1.845109983741054
Encrypted: false
MD5: 326A1073160F0713266179B661A51ACC
SHA1: E0B58EB11CEF9760317D16077406917336315C30
SHA-256: B8F3D758505316A6C426DAB7EFFA8CE6CBF68F0E197426D014049607B26592B1
SHA-512: AFA145B332D5CD2847B4148E31DE61178DBB51737655F40AA88FA2136E8FB7D6B3556054C431F4CDA08F73E82DFD8FE2B1941545DF7F4549827C9FAB224FBFE4
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E9ACF2FC-449D-11E9-AAD9-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 65966
Entropy (8bit): 2.879413548303282
Encrypted: false
MD5: 7D7BB2F3F64281F2DF585BB3DD16FAB1
SHA1: A5750A8D47CD283CE0F985B4AB4688A57CD83B0C
SHA-256: 400810F9E202A9823A661821CF6C46919FB3974B4319D255A435D266AE822338
SHA-512: 3A3C4BF30CB5999AADE227D138F268E9475FBCC019386FB5DD4ED423A873736161BB3C3CEFB066ECC394E7A9536894E93859F4F8C6FD7C2AFB4496CF5F8C977F
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F251AB0F-449D-11E9-AAD9-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 16984
Entropy (8bit): 1.5672678598848355
Encrypted: false
MD5: 3A04DEF394116E29E00681A2CED2A45E
SHA1: 3E7A898063017D7CFA6F510A43179CFBFC4A37E9
SHA-256: BE7F0198D6F30B268F0F78E3BE1CE212547DD8032FD0992B81EACAF11EA67D45
SHA-512: 48DD4840552507DCA5F7CF5361942C64256D5D75CA5B715B31989D73BB5C5819BE2BB126710D2AA579140B73AA3D094A489AA072AD80209FACA23D25FD9AA952
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.062832520893722
Encrypted: false
MD5: 7FB63EC74AA426F6454AC21FF093C264
SHA1: 7DD9A620C134688F7477ECFF8F7812FE665EF890
SHA-256: 04621AFF08A7E70DE75CEF20637F581CC2C1B27CB4F531A941AC0777E25705DB
SHA-512: B7BBE5490A64AB0E7714D065480CD1F91C40FCB07F1A8CF473FF77B82F75C6C8B4C64750FB926C6B4681AD38821BD253A96821C6F2C4D8037617B9A55EC1832E
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.072984393336428
Encrypted: false
MD5: A5428CD68A42578FEAE62C21F6A3E382
SHA1: 4B4EEB9008C87F6B717CE77B4FB046342BBD0FD5
SHA-256: 3877E2B364495747600B151DA621F7E76327D47813C44D7120673B81FED2D029
SHA-512: BE6B85BA890EDCB75E996C0C7BCC5996DAA58032C24A46D1E337E6CDE0ED5A2E62437AD0A4F634514D365F9AA49AF15FA3B7FF2A10F9589AD1CC12B39DA48783
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.071414918175127
Encrypted: false
MD5: F9E93B400FDD9DE048FFC3363A95388F
SHA1: 5E00C7B0872C70EDB8357B7B26B6CD01DE74D266
SHA-256: D2DE13B414AD2453F00E0ADD9273C0FD7DBFFC0649C2A94B3A2BC648343CFEC5
SHA-512: 9DADD6592D3BD5BCDFCF1F00A69A39761AD743105FF1DD55302AF07C980074B6C36CC196B61DA42B02CFB4BE316D1C821ED03B725A98A5E7070A0B2FA189D9EF
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.090318754288179
Encrypted: false
MD5: 38146A6998AF35532AD776E869439AC4
SHA1: 37E768B56B01F5B6C21C043EAC737D93871EA11B
SHA-256: 2B6104D62554718EBEAB3E402BB34F5B68258BF602250E3EEF9D88EA58E441C0
SHA-512: 5F02A2BF7558D6D8E1F47D4F1E9331A51054C9592BC1CFE813CE7B34FF705F21DAD4F66646E434EC154C9059A65D255816672C129275C074A2B7C9CEAD192D31
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.126228966395198
Encrypted: false
MD5: E9D1379850F01CACDAFFE7C718B32D75
SHA1: D9A7AEF5518AD5B245239784212C991E46FB2077
SHA-256: 7081CCF604A51E8D62F73859FFD1A667178700DCDA1153280C8960E38613DFD4
SHA-512: 3C07ED4CE2A0A0AC6E254077261D59EF9138C104F6E588894559111B03EC8BE2DC34A69E4A5F5164BA28ABBDACC0D809C20EFD0D15C5201678809CBF34E15AF0
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.059632880601838
Encrypted: false
MD5: 4D2AD0C63CA54DDB9DCCF7C577466E36
SHA1: 29E2B435BD8129E1D9A017EA53D1F9238210D4D5
SHA-256: 650ECC30F6D4C0BC7A3536B918B9DC219E8A42478A26E3E16FFE40ACD1397BBD
SHA-512: 9CC5EC7F4A3A7A1D1FDA99244C9B453579A2D33B5E03A58D2DEDE29CBA0BB0FCEB7A85E2F683FA8B8CF2F6EE96F737E56C6D19FA9A05C506B6973DEBBD65151F
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.122287626458612
Encrypted: false
MD5: 7C0EFE965AF8D62489C54129D8D97084
SHA1: 97F1F2D5FCAD4A8FC14CBBE7F428EA0C5F08A1B2
SHA-256: 22E1FFB5A0349B26F19496B853498B28191863BA24056B3D42C97EAAD21C7ACE
SHA-512: 625C48E8F12E578B27B1DE712C09267217A83748ACECA82DA896915BC0F17E2DFAED75E2B0BE5D3378C092D352447857CB1AE4C63CF5A095F0D7C4674A45F178
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.127137185876694
Encrypted: false
MD5: 5A450B06B843433C41F0EFA782C0A0B6
SHA1: 452B91E40EAE14CFA51A86C986C148AA4439B656
SHA-256: F0ED0F6A34BDCD35B2BABA18BEDA7225713CCD4B26CC549FC6D4783E6B53EFF8
SHA-512: 05F56282F5B25D025FC26BC04E787B2B75FCAB002A63A5076888EF4154B7C4572AC897875AE35940C58D7D4B3DFD6581BD1E9DD1E6D11E339D737755A25B595B
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.106704849071445
Encrypted: false
MD5: EE076D23F270F908B1613945B4301B21
SHA1: DB833F2AF20B7CCE8738689DC327413DCDBD12F7
SHA-256: 745F6A3C51D012E0187EC82B0D9BBE84414CD08D070C28BAD76B74217217E8C3
SHA-512: C515D3559CE32D5C433B0A28973DE9636634586989316E783DF56C12DFD3C225F28EA488DD9828E7098B8DAD6897BB2E2A766CBDD13BA5F10D15E1568F66AD96
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 5728
Entropy (8bit): 2.715390313837372
Encrypted: false
MD5: 488DA3823CCF3C11B957081252E515DD
SHA1: 4C813BD54DCCF641D0E88DA2A1F8E3692D6E0E49
SHA-256: BA1FF16A0CBFF92003F144F227221CE7F305141173286C21E8B9984DAD866FB3
SHA-512: DEA9AD0476EECBABDE8C0895A4A0FF0D403EC72395CF88550D7E1C60AB31EED46EF01A3EAD3D408722E58427B9C189EAF0BDDAE538BBCA20E659E70F5C67B379
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\-LJK2BQVfs9[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 33552
Entropy (8bit): 5.365968253004156
Encrypted: false
MD5: 2165CD71C15BDD77CE5F5C54A33AD211
SHA1: 6D6FCEC524C99086AB4A0D0724FDB3B7EED6A16E
SHA-256: 61B2575CF5EC2022E02FB703F784238D6C07EA78783AF4297D6F7883581FAC85
SHA-512: 9336264C1B12ED03FDF12F193CC5B2B7F613BD1AD0DB19F55AA8954BA47BDDF3D5B82C468DDD9B8A88BEE5E37F4B2A436EA87A5422C3D5E9C8508ECD817C4BE9
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1BjrYUERys4[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 501
Entropy (8bit): 5.28729009900986
Encrypted: false
MD5: 2AEEDC17BC3E604B70F86052C56C481F
SHA1: C864A4662A4C8553BAAE0D9023A01E7DF12DE4A9
SHA-256: 64199AA4F2606E2941D860FBBFD1F8490BC6E32C68A85C4DAC316B05AE65DCF7
SHA-512: B74457D57862C6C949417ADC4F678971A683CF5A7D60EE70FEA8465048FFCF3E6B6CF1AFF01923EE0C1493DF1E63008800E21A404C3AD594098C1B0D25B048B2
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\248579_225570307454846_74079_n[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 52x52, frames 3
Size (bytes): 1629
Entropy (8bit): 6.893994074119794
Encrypted: false
MD5: 7E8B570B5CB628500791248941BD84D8
SHA1: D38CE43B1F734E81BE7EF255A10A980193686A08
SHA-256: E2C2F2197F82B82A035817804D3C0FCA329E3D974DF2A997E7E88B1796A4968A
SHA-512: D8A22A8607BDA577AF8690A14DB588185AA129EA4D3180F492D785A20AD55331D3707F88096CFE5A9A0E46FB6DD1D4908DF98DA0B98CCAC526AEBC88D1278005
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\292957_401782133165963_1727613084_n[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x251, frames 3
Size (bytes): 19840
Entropy (8bit): 7.899627877476775
Encrypted: false
MD5: 6B6AA5AB5F09CC4DFD88C2F7549573DB
SHA1: EB79CB1CC6CE0B23AA7D9D81F4110DA3A7B47B4E
SHA-256: B5CB6866AFE938EFA1C747CA230BC51D65294BAA6BCB361B3A7A23BF25BB1DDD
SHA-512: 7AA3630FBA7D532E13AA9FFB9CADC21E087D2B2ED8D60F40A24C6DA2F300FD8BF16BE477FEFC124831B8E143AB106592432D05466189F352DB7395FF994C6133
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\29511555_616750658664236_7747399957820427565_n[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 56x56, frames 3
Size (bytes): 1768
Entropy (8bit): 7.096147135960171
Encrypted: false
MD5: 7A73AC2E1BC55869A48CCE63DAEDD713
SHA1: BEDF428CC1DC93058A96510E179D16034DB1C670
SHA-256: 0A03361185FD2054FC3317B5535B0C1DD13EA6DCD02CE0B2B7856DAC766E7786
SHA-512: 0F23C4CBAC1BC69F07FF7133BFF6923D506BF6952A0C22885695A765749907881CF27C02CF54D20C5F642CF4F95AA355F1AE76FE92AAE5BAE8E412A5F53F6FF9
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\2sDodkAi-p3[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 582836
Entropy (8bit): 5.474867429151987
Encrypted: false
MD5: 04BACFF5E19875DC308CE03F8D6431A9
SHA1: D92EB4373F056415D9589075D904CFA3E251F41D
SHA-256: 38000D5BBC10A441ADAB29320F3EE8F6A64B43F413B9842FCEA4791562CB3A6D
SHA-512: F5357C61D01669302CEABBD3BD4477396B7D11EE66DB64766A581F247287E630303515D35201AC7D1B563D6A32070C73D9359D99EF9BCD1ED935375BA086EE38
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\30221661_1701991579888976_4736485484442681344_n[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 56x56, frames 3
Size (bytes): 1710
Entropy (8bit): 6.970681867451416
Encrypted: false
MD5: 043CC02A6E58B453D4B385045FFF11CE
SHA1: 7CA83045D6740A37633E177A5DDF8266DD20D012
SHA-256: 6BCC1517CF68CB98B45A1EBB07A1CD513CE3E729E108609A3DD9D2E573420ACA
SHA-512: A37E34F115333C8D20EDA2659F23FEB97AA1E50FC1A71CEE4B8173744A789820B6D53BDE423E2F7231CAEB14B63A6AD89E0F73D14413CA4EBB9CAC0D15B12091
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\32423116_293768954494018_8665173129011658752_n[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 56x56, frames 3
Size (bytes): 1655
Entropy (8bit): 6.981175956771899
Encrypted: false
MD5: 50CA8986FC9FBAFF75A366788EE626CA
SHA1: EC27012F3E03E5C27D0F295BAD7E8061D3D165BD
SHA-256: E768EE42544704C6A0C186FFE5C6C09188A939E6DA141F3E5314BB5C993A9A59
SHA-512: 25D0620DA265D3806EE1DB8B42015009C7C16D46F0F4529A2151C4569C713EE1CBE73AE4C7801B6FA5CF296CFD891503D54BCAF3B64491244929F44098893110
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\34258588_526847127711380_4187850386435997696_n[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 56x56, frames 3
Size (bytes): 1748
Entropy (8bit): 7.008598243693517
Encrypted: false
MD5: 382070A304CE0EE5F053530BC0827E71
SHA1: 413F1C147F8CF5EF3489469050EF2594D3A2F600
SHA-256: E421F1132C2C87FB74F622C0E7D2BBF90A117172A6379742C162AD506C087495
SHA-512: D3AA6575CB4AC1BF3CE18E850681059194A88732338762837206BC54B56AE4329F86EDE44B76419168EE08EA7AD8503595C69301C4C5CFBB4B9D2055B71B59E2
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\36636122_900721047596_7943235533675692032_n[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, frames 3
Size (bytes): 2162
Entropy (8bit): 7.3323333004541125
Encrypted: false
MD5: 06E7DD5D45C50074A77E5BEBCFA8ACEA
SHA1: 4ED52E6211FC08AE883E2466D2555CAED5C16C38
SHA-256: 1AE26B48325CCC33E1580511314CFB5407211497EDF7D873D0E52AFCED98FB6D
SHA-512: CF75E23E35CD44AE6D5B69B2374B9950201EB6A465092E845DB4041B598E34FAC554608BA0C5CF925F9071644FC7A5FA17CEF4FE14444D39CBD1B435C0F4B452
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\38l7hGbpa1-[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 20661
Entropy (8bit): 5.37782267702894
Encrypted: false
MD5: 15553A1BD82B476BD344A8A848D3EAF0
SHA1: DED79E8F0EB014ECE13B1D0B7703BF852E866BCC
SHA-256: 071CFDA4A7A4A8BD5F84C14DA72D6ED1EA30C28528FB7EB888131E3BE364C54B
SHA-512: 54B2D2113DE6C92A0A8AB6E1C719DCECF660A32E220712D5B4FC4AC4875550378C388B1908C0D7310E0C117EE6CE0033160EEBAF479F7CE066EF1C16E5477681
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\3jZoQLdKWO6[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: exported SGML document, ASCII text, with very long lines
Size (bytes): 95337
Entropy (8bit): 5.345559032964215
Encrypted: false
MD5: C2E1CFBF249ED83C54EAE07DB00C90F0
SHA1: B22E009AFAED135719E202F648624EF878EA36E6
SHA-256: 7FEE6688E50D525C4D5711184B7E6C019B308B0596D018839FD17ED13C814D4D
SHA-512: 4DB3BA12B62AC5CC599609D5E1BDDB291889C4489A2C8F8CB547BE29F2BD742E92B1362A9DFD9B4DD307A0289880EEF73BE7D43465E77A87CDCAC4977FD49E36
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\46498273_10213394437715426_6848830037899083776_n[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, frames 3
Size (bytes): 2346
Entropy (8bit): 7.377310092536894
Encrypted: false
MD5: 10A278D45C1D52DEB8533AB5EB29154B
SHA1: 54CE7E72AA4FDC821039810D507BEF80D7AC983C
SHA-256: 421D52D7BA5D0B1DA2400CE8449E2AEA5254523E4DAB4AB9F53B5BE2E9ED7098
SHA-512: CBEA2339362C6CC5D3683FA4218D55AA1C88880544AC2EF26450864E211BD0D50C35C84B43D8AF415009E7FD1E9F0030B6FD43DE65CBC7124DF15B7D0C60AA67
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\4c56_sYLseJ[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 7859
Entropy (8bit): 5.54350323909406
Encrypted: false
MD5: F4866AB1ADFA9453123750474E847BFD
SHA1: 451B5A757481EC4DD62A8C1A7340A991BF19257E
SHA-256: 4101C3C791E7D47C74E944A4F560CE64779CA7301D787584E7971D89B3B495A4
SHA-512: 24751596D9A1BBED6F6B8D5112269964652C2B3EE44C029C64183D1077C31237E8B72F095A1291DFD5D30D383ED5DB5534D38AFD2D174403401D03C12CD84B81
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\4qiw4kTMmtF[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 145733
Entropy (8bit): 5.443980486666358
Encrypted: false
MD5: 6300190D6BD124D85D925DAE823FBF06
SHA1: 0F06B0C6029840A5E974BA263422B6919F003E7E
SHA-256: 6CF171EAC115D76C10739C3782BD542F683B13BC3D911F4765ED133328BBD477
SHA-512: 54FF35E6A8C9DF34D6F91DF984CE73EC02ED612E0CF550C1EA626EBD0F47E3A76F372D37AA5A2EE46D80FAB099BFA99D1FB6D46359669F19FD4CF1A6D66DCBAA
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\527882_412181228792720_839570167_n[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 261x195, frames 3
Size (bytes): 13723
Entropy (8bit): 7.883691974614704
Encrypted: false
MD5: 4C6AC4261DA2A2F9F8F8BAA63C234582
SHA1: 540205633D6B4C065A573B615FE4CA779630B4B2
SHA-256: E7185BD86F561BA7C17CB15D044CEF5D9D57242A22235A63DCD6C560B5A698D2
SHA-512: 9AFA9DE2A8F4D4098A815C38A0CF814BDF14C21FFCC9A2E34DC942BD3D7193D463952096061B11A08E18D17395F1DFC444880F439BC0D2089F7FB4B2E1499338
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\535820_412181108792732_1520280421_n[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 157x118, frames 3
Size (bytes): 5737
Entropy (8bit): 7.620929322345476
Encrypted: false
MD5: 3E733A26692ED3AE163DB91D494D91B3
SHA1: 00913039D6DCEE71CD9FC9BABB85D7FFBC89FA81
SHA-256: 4241AD0FE9EC02A4A79F2E35D3C086BBC750185F2E324D79D00E37D4A2D11AAB
SHA-512: E25D842F44B50306EE165EB347C0EC916EA65DA889A4B2CA85A269A0C5BB423AED0A33351642F490BB4B7D8991214FE0476972F8808C61EF736E3DC85FA8C84F
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 31400, version 1.1
Size (bytes): 31400
Entropy (8bit): 7.983350930780845
Encrypted: false
MD5: 76F9D1F2C4700F8A5C5947F7A2D0EB25
SHA1: FB36C8136C30DEA6F8EFBC52294176E1285156C5
SHA-256: 441476CD0197BF32E025C94C8A5FBF41C268FB5FBE24B4A01A43DF91030374B4
SHA-512: DD6AD29683CC2F6CD1B27824F8AB12B1EE697B6FA73DA66752C3C4244A9BBA19CC2379F780D586030153261007759F8CF31220A9CE0186192E7E55BBDCC5D04F
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRdo[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 31032, version 1.1
Size (bytes): 31032
Entropy (8bit): 7.9830607466481665
Encrypted: false
MD5: 85DCEEFADE7C6156CA1C0622858503B3
SHA1: 1977CB7DD5388B6ECB9D81E71D74F0F405D9D1B5
SHA-256: 731C65D557A145E26DD689CDBCBB8E7EDF4E470755F977A416779FF2221BA92C
SHA-512: 4F0D403AF3E056076E6C7388B7010BCDD8A091DA3CF1E024C1FD1B08BEF564836A1C0B87C338371DC9522357C56C3E45913777E07638794F0B7D904B700E6739
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwmRdo[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 30108, version 1.1
Size (bytes): 30108
Entropy (8bit): 7.983620304905306
Encrypted: false
MD5: 21BD9B9B08B025A6BD366C7EE4E473F0
SHA1: E8C6A513D60ED6542E730F74FEDF29D534A88643
SHA-256: 4C7F5B6BECBBE7E5A6CDC453987585B9D1A29029FF21AA3CD2E0FA6F42D5B7C6
SHA-512: A4A459456D93E3357E50F681C1A992679D9C64D10F73B274D6AF1115ADBFA10088EB14A227DC33D210395BBCB9377715177DA20B22B88ED05CAF0B2DB58ECC17
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\7vADDXl_k91[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 188540
Entropy (8bit): 5.398142874746179
Encrypted: false
MD5: E14B1324874E1E1A185626015830926F
SHA1: 029514FD5A49EC320366C451C93050228C4013BA
SHA-256: 483B547A0E6050E8F410658887B3B3E07430A9D1A16EAAD87FC29A6833C71A37
SHA-512: 321A7664AE074679D5806220597BC1850457DC2B8F21159EC00623AD7AEB2338A113F8F784637D25B4003CA6D07929C3493FBC1A07FAC00CB8B60638F9887233
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\9FLOgLL7bLc[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 72213
Entropy (8bit): 5.308127740636694
Encrypted: false
MD5: A3E5578E0D447362DB53837E1E377D30
SHA1: 555378556907D7423482D6207728C55EAB83FB80
SHA-256: 12DDC56011FFBC48A5F8619B4591B9ACDBA5F415608606CA203924446DB0A0ED
SHA-512: A61FA9914898694F4F35ED1B31963724DE4659AC0A93EC24E0C08C389B8FE7182733D4C71E360A6689A523A58C0D935F9ADF5C1AAA3FD0A63509585C1CF5571C
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\9ULfDraatNr[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 32963
Entropy (8bit): 5.354745918056248
Encrypted: false
MD5: 385651D0EA42FD00EBC2C6276A7599E5
SHA1: EEACB37219CC095FC2E264C10C66745B2813F23E
SHA-256: B730153BB4111463DF0686A54D0336A515041756B004F229650035D5DB6124EE
SHA-512: 92EE78BB7604606528679E2C2FF27D5F51458E42ACD0CE1A90AC32E8A12913761CA55BF78E551CB0237B39B3CEE1607727D501EFD66573DD6122CDFE6CE57193
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\B0B86NHh0ev[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 201538
Entropy (8bit): 5.31505845510242
Encrypted: false
MD5: 7812AED0144496A3A57AE934CE1DCC3E
SHA1: 4A023B399C88A0C4530061BA0A5762D5C40431AB
SHA-256: 4FEEC7B0C7A0F341609D1A0F69AC6D3D41BC9A7E997FCD1A0A2D4CB63EF1CD2D
SHA-512: 89000F25D7AF4487FC030D21A67B6556C5AD82D2F1FE84CD54A1AFF337DC546A9E4DDDCD28E052C0EDA44CA38E9651B21E239224387729D902802D72B38F07E3
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Bx0y-TvWZp7[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: C source, ASCII text, with very long lines
Size (bytes): 70755
Entropy (8bit): 5.442179251856951
Encrypted: false
MD5: 024BB507DA014451E0E6FB3237F83221
SHA1: 96C8C17F10B3AA9EDA09EED3B2272B8A21A729F7
SHA-256: A343C07730E49A022295EA5560DEAB69FEEB9DF90956E5B6220AEBBAA575E71F
SHA-512: 7FF077D8714792B06FF37192E587C11325AEE944FED25D3F332D113149602D67FA1AC970E55EC773043C6DC60E73A7AD13F24E0727073196EFC1DA0411BDC7E8
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\D__hj-r-65c[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 64 x 265, 8-bit/color RGBA, non-interlaced
Size (bytes): 11805
Entropy (8bit): 7.965459944284006
Encrypted: false
MD5: 84BC81C0E338CF40B0F22999A2D2DC4D
SHA1: A964F8395F84DEE99E37BCE5236C97C419B61137
SHA-256: 924B6E4C794EE05094BBA452CE1D4B166251E7AF9FAC8163CF86C67C57BE3F84
SHA-512: DA237FFEFED685B668EBEC292F3F2FB21F94CEA30ECA67D716C2D1EC539756BDA00D10DC7AE69D41F6F5CD687BDB4682957332E1D55AB3AC7766327865B51068
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\FXtwOdxqySI[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 69202
Entropy (8bit): 5.933184389159609
Encrypted: false
MD5: 4AF1B5A27E724DFBDDC0C9E0F05E7970
SHA1: 157C0AF2BADDB7698C75BBD0D31FADB2C2905368
SHA-256: 7ECD79D0F1A1FDF8F193F45CCB3B0DF4F30EC5EFCF18B10AE81B837134D096F6
SHA-512: 19AE5B6F99F6F2571D776BD8BC5B79A4421183548F1226523894FEE8B9109AC7351B3D477FEE98CDCA6F00FBA3B739CC9BEC7B35FC65F6656FE967027FD76BEF
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\GFvYT8ynghZ[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 122016
Entropy (8bit): 5.399771806884227
Encrypted: false
MD5: 1014993D5DACA12B0BC189C4DAA1CF2A
SHA1: 4567D09CFED72FB30666AC82558EB61E4463B31C
SHA-256: CCCE4F4C7D3F2247E716735D4E37371F9CAC5BF7E9006417EC4FCEC7AF27AAA1
SHA-512: 19E8B64F6459FC0A4DB64BA4A1444501A14065ED0E5E5EFDA136F8534CC2546F7D5FACDC2A5130428DCECDC83B1FA27065247069EE5CD471B8DDAC5B87996565
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\GXV1S0CvpIB[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 831
Entropy (8bit): 5.184182132369027
Encrypted: false
MD5: 9F305E6F9D732BA2A926D1E40559869C
SHA1: 7A20CEE4E5D2149D3979B3FBE74DE8433300A7B7
SHA-256: 03F6B969219A70CD8CFF981A8BFFB963EDC970AB7722BA6DC29D7F8C892A6D70
SHA-512: 345D81DFCEB2DE166FE22D53B9E3BFDEA5BC00DCE9E92DCEF1A83C436AB5F8A4C72A21710E8639EAB5251B82D8E9CE7925E62ED91D36A4161AA3CDB068CFD132
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Is-bJ2hGLqY[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 31148
Entropy (8bit): 5.251750992317268
Encrypted: false
MD5: 822592E07B01D9FFD2179728C8C7134F
SHA1: 28B66C24E66C5F505232677593D2EEECB0F0A4ED
SHA-256: 6CCF4EB55727B3B057B2EA2EE53117DDC237C1F8B228D22D14511641BCEDF5C7
SHA-512: 5FA6901679095E9F9A891D1BF0AD5ABC3B7F312531A07D5E1667A320C7E6F805F6D1C48F4805D52F6044593C33094FDE1BFC2D1BBEBBBF5551FE808D5EEC6DD0
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\JDvEjBTmkmz[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 23 x 632, 8-bit/color RGBA, non-interlaced
Size (bytes): 8772
Entropy (8bit): 7.951411296696966
Encrypted: false
MD5: 07C4A785119EAD2AC6D5631D0C942FE1
SHA1: 6C02ACD1A15D4C6D3BD68801FE1BA792E47216B7
SHA-256: FE9678FDE4DFB586A7708FCC43FB3D3B5D3515544FB1FC9523DF76B59A223E18
SHA-512: FCEF84B28E5A7A5E7143AC3454E34911315D544F50B0F9871370B386536B472B9F198D16BDFBF955F492CAB3AEF06A0B98BB5DAF6B9CBBA8CBC1CC1433682110
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 20012, version 1.1
Size (bytes): 20012
Entropy (8bit): 7.966842359681559
Encrypted: false
MD5: DE8B7431B74642E830AF4D4F4B513EC9
SHA1: F549F1FE8A0B86EF3FBDCB8D508440AFF84C385C
SHA-256: 3BFE46BB1CA35B205306C5EC664E99E4A816F48A417B6B42E77A1F43F0BC4E7A
SHA-512: 57D3D4DE3816307ED954B796C13BFA34AF22A46A2FEA310DF90E966301350AE8ADAC62BCD2ABF7D7768E6BDCBB3DFC5069378A728436173D07ABFA483C1025AC
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 19916, version 1.1
Size (bytes): 19916
Entropy (8bit): 7.96782347282656
Encrypted: false
MD5: A1471D1D6431C893582A5F6A250DB3F9
SHA1: FF5673D89E6C2893D24C87BC9786C632290E150E
SHA-256: 3AB30E780C8B0BCC4998B838A5B30C3BFE28EDEAD312906DC3C12271FAE0699A
SHA-512: 37B9B97549FE24A9390BA540BE065D7E5985E0FBFBE1636E894B224880E64203CB0DDE1213AC72D44EBC65CDC4F78B80BD7B952FF9951A349F7704631B903C63
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 19888, version 1.1
Size (bytes): 19888
Entropy (8bit): 7.96899630573477
Encrypted: false
MD5: CF6613D1ADF490972C557A8E318E0868
SHA1: B2198C3FC1C72646D372F63E135E70BA2C9FED8E
SHA-256: 468E579FE1210FA55525B1C470ED2D1958404512A2DD4FB972CAC5CE0FF00B1F
SHA-512: 1866D890987B1E56E1337EC1E975906EE8202FCC517620C30E9D3BE0A9E8EAF3105147B178DEB81FA0604745DFE3FB79B3B20D5F2FF2912B66856C38A28C07EE
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOmCnqEu92Fr1Mu4mxM[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 19824, version 1.1
Size (bytes): 19824
Entropy (8bit): 7.970306766642997
Encrypted: false
MD5: BAFB105BAEB22D965C70FE52BA6B49D9
SHA1: 934014CC9BBE5883542BE756B3146C05844B254F
SHA-256: 1570F866BF6EAE82041E407280894A86AD2B8B275E01908AE156914DC693A4ED
SHA-512: 85A91773B0283E3B2400C773527542228478CC1B9E8AD8EA62435D705E98702A40BEDF26CB5B0900DD8FECC79F802B8C1839184E787D9416886DBC73DFF22A64
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\LfTEAhER1lR[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 84577
Entropy (8bit): 5.203491928979165
Encrypted: false
MD5: 14E378868E8B3F8F59CDFC46E47CC712
SHA1: B47A1D00EB6D1A827FBDD2CF3807051F068A56CC
SHA-256: 1718051C047F81F4DBA0191C78F38698976DD559CF49F65C55BA8E2AD306D317
SHA-512: 479918DA2DB88DDED08B92062AF69D2CAD900A992F4DB6FEA5641B3C8A4EAEE1ECA34E66444B13EA5FE16EF856FECAAC0184E309347592C8B5D5F6D260014465
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\N2eBRcY4wPO[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 134868
Entropy (8bit): 5.399537296582914
Encrypted: false
MD5: 7C646A87B0CE038699347F6601C5FBD4
SHA1: C6F3E4B184F05A78B843102EE905A795FE9FC154
SHA-256: A873A1147EC5F7E80E32ACB2E4C606270FAFD5424823EFE42AE2E77CDABF6530
SHA-512: C8D3772FBB7BFF61E110E6A5D725D14E4C6FA40AF424E93BB9166CB92C47E644A1F69999759CE5D7D8C438E6C0463E0286D4A034A8A3E713A4C5C8D9B1AE67E5
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\N3K8GJQxI65[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 46252
Entropy (8bit): 5.29539932840812
Encrypted: false
MD5: CCEC14C793384C560E7537C1A6655569
SHA1: B72BB78964F56953587FC94F711D47A2745398E4
SHA-256: B0646A70A0241AC20DCA74FD0E4C6EB42B7F89878AC8DB8C26800B4716B4F327
SHA-512: F7C9C2BBF439C4257BD0C369E8544C848482F7009C93D198D7C89171FBD9CF64CA3293253D87BBF011B87191ED1C50B978529A9FA6F8EA0B8DC055FEC3EDAD63
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\O-nPVowGdVS[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 42272
Entropy (8bit): 5.438192335229081
Encrypted: false
MD5: A0C1F89AEB0E91BEFD97F5CC37E36F52
SHA1: 62074A8112EF561F833058636A59288FAC24A28C
SHA-256: C3A40E344A60794834C2AB784C1E5A5A56269BBB28FF724AC8963BFCA48F01A2
SHA-512: ECF42775ED22AEF926E5AF6B8DE715D595560DADF1A745C41A09166EA35F88A873341DEC6B51FCCCF2362B824EE1485F499801CE707DD5F95F6A6AFCA4458958
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\OJFUrWAexJw[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 86911
Entropy (8bit): 5.6557687653286495
Encrypted: false
MD5: D15D9C8E1A3D60E52833222834CEE33C
SHA1: 1AE494944426AE7D746791B062D79993B68982D0
SHA-256: 8F91ACDED2223BA0AD197D3647ED2AEB02AEE424ABD5BA7C5D46F098D897E385
SHA-512: 2EC6D12B40F02B2431CA0FFB8242540902E7FAC89855797101EA5FF26E5F48AEF05F39D56940ACB34C9866BAE42684F81CFF9536265C92216914F7C303008DFE
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\OrNKwhJSpqH[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 37670
Entropy (8bit): 5.475280110884759
Encrypted: false
MD5: B721A84EAC1501685FD5DC942392D823
SHA1: 7A8E6F4638EB232E530F1E89ADC0074FDDFA3BBA
SHA-256: E62A1C78F9C35885FB2641AAD41157A6F980176C78AD22B6FD51FB40D41456DE
SHA-512: F898F4F2C87DB1D6725CF3AF966ED8D47ABF1BB6D9419C8F144F2894B0C3C558820D483B642E55756F77FDC53D087CECEA32D71C581A4D41677D323211511A80
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\P_Nc_mUYNMb[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 231907
Entropy (8bit): 5.450371289411174
Encrypted: false
MD5: 1168648929CFECFD15BDA3BBBF7BE285
SHA1: F7F07A764BC2402035B9AAEABDF6D84778BDCA64
SHA-256: E7C9211AD24D41CEDAD6539BEC566E5CE212A240C6EEF88BC113A336ADA8E350
SHA-512: 44D58C8E9FAE190A23E36B0DB3A286747AF66953BAB68F31E490ECF33C83CA1340E5502AAAA81AC5B3325CF631581575D912A8DEF7D503F7845ED3574641619E
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\PsOO_DMT0_8[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 18847
Entropy (8bit): 5.484192327515949
Encrypted: false
MD5: A11AA4131C76B06F831D9185FE1845AA
SHA1: A2672A3616E0691524256F49F84C1DABB7B9E6F1
SHA-256: 95CE3676618AC32D664A7E84505F9DC7AF0794C74C9AEABEDBD93B4924328E4D
SHA-512: 9109FB1A2C4BE1F2056C97D181B67B20D2C9046E482268D60574428E143F1C6118E4F098124261B8D4937C815282F22364D37FF4B6EF98774C7EE757AC1BBB46
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\QvlFTRYI7Gy[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 17918
Entropy (8bit): 5.41068758189346
Encrypted: false
MD5: B5B3FABDE7BDFBE5470445590B9EA5F1
SHA1: 2BA1AF20B39F42D36BD613AE42107EEACB5A3415
SHA-256: 27825D5946CF8F22B9D3BF9F50433EE5F49BAEDAAABE36DF1C1A0E7681D6E372
SHA-512: 6E23E88F78E46614C40D1387A3EAAB542540294BB52A10E6A453E5FB326B9A091237D7241365C7E5CCD948D07A0890D5EDFBBC41F4DB54D8D2517AD9235E4A70
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\S6u-w4BMUTPHjxsIPx-mPCQ[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 23200, version 1.1
Size (bytes): 23200
Entropy (8bit): 7.976115144751764
Encrypted: false
MD5: ED27B4E1C500A37424908DDAF3376ADC
SHA1: 50CE657E2858B4F027FED575FFEEF40B75DE2499
SHA-256: B28BA41E1E778F1968A0B78242C25CFA7386E30D0E22771E478B1D88A3D0125A
SHA-512: ECC0F893BF2A4EB525E2768DEAF5F4235F75D58A46740DA1CA2D3F28ECF779A3C736760FE7D92F19E5635220E21C22D7608A4B72E520DF5F66EFF6DF90B4A11F
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\S6u8w4BMUTPHjxsAUi-s[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 31760, version 1.1
Size (bytes): 31760
Entropy (8bit): 7.984865363427987
Encrypted: false
MD5: 8E4F1F58C1008CFA95A94655D6BE132D
SHA1: 0784888C48D1EB328958113F729269F9643B60F8
SHA-256: 7BCF182F9DF2732D77F964DC87D71A07A718B304C1CD41414A954843061AA53B
SHA-512: 36F0FC36B0C6DEB9BF1645711EAA9494A224D1FA0C4758141A25B369CF789CD072D3989C4843B324773E5E6BC862F4E83968DFF54ECF52AE4BD21CC789C51C2A
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\S6u_w4BMUTPHjxsI9w2_FQfr[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 23784, version 1.1
Size (bytes): 23784
Entropy (8bit): 7.977850184928578
Encrypted: false
MD5: EA8C6FCEB410534F31B6EE2874045E9C
SHA1: 2F1DB1DDFE8725248C3811ED1BEBBBBBE34444BA
SHA-256: 8C68466E57208D2778FDD7778E8E588E2AA359E3D6235BB8DA8B65EF280891DA
SHA-512: 84AEFDE4298B4AC2F59AB72F1BFC42A75D3B914184BC4C5FBB3ADD6B3EFA39DE032C47B067412182A76E17A34DE71ED84AACB8B81E6BE434010BDCAFA54A9BF7
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\T3_WZK2sc5_[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 33705
Entropy (8bit): 5.448147036421814
Encrypted: false
MD5: C1F984C6C6F607BEF8531BD7948BE016
SHA1: 05EF9A4B5D00E6892BF89CD409005866DBEA34BB
SHA-256: 5B40EA0640824CB1DCD5DA730F2C2819EFEBED9882FC5FEE6189C666E3E655C6
SHA-512: 960CC8FC3EC934659A4BF7B1343CACC0D6BE565F325FBAB8D22B18149B97C31DA4127EB2C5B4F8A211560BEC4FB69E63FCC5FBA20282AB1A64D9AA8F70DCF7D1
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Ugg95XsiEbm[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 67246
Entropy (8bit): 5.377245659696648
Encrypted: false
MD5: A4FC00AE4E28E39797DAE245D61E3623
SHA1: 2439D558295A5CDA17440E4CC90DE188DD36F3D3
SHA-256: 6D5577D4B7A7E38DA302DB453923449423DA540614956093A0FD8FA23343AC35
SHA-512: 2F413AC28B953FFC2F44A2A0594E04873B1989B31D31A9BF423A3650DE6AD9C0A1C4F7D521AE2AF949907A6D447BEDA48E8E031DDD11ACD4535A19C644B243D2
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\VDp8msMxnNe[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 55368
Entropy (8bit): 5.417385870616871
Encrypted: false
MD5: 48FF90F6C2131143EC992B216077F9D5
SHA1: 4418F5F2DE837A651A646D31F81F63D115308323
SHA-256: 5CEF54D072DA6E3F197BD94AFB7DF494AF24ABFE26AF82FCFBEA3D5D24D4FB86
SHA-512: 60A43C8F978B294136D41CE22FE348157F9036B5A17B6F759116CF0CA5C315B45694C24562518017F85D0CA126A7B9E9A9D4EB1B10868738DE61395FB2E6297E
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\WGkGSr1JRkY[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 48670
Entropy (8bit): 5.39479880750335
Encrypted: false
MD5: FAB08152318F53D0B77D61F62A733B88
SHA1: E1ED64020CF7573221767D61361B4830D1628169
SHA-256: F8B74B9F5620E4C09409B87256550947EDAFF74412D67E32131931C3BBED572D
SHA-512: CEFD136ECAAA0AA6D5DD357A460FA05CAD58730CFF8AC2F1731C93F16E54A4D7D042AD9050C099FC1CACBE7E5DF23A927E9AA4E5A89B66A4CBD57D631B55E38E
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\active_filter[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 12 x 12
Size (bytes): 284
Entropy (8bit): 5.822171423789941
Encrypted: false
MD5: F3B899F507693F9D35B156CB661ED3DC
SHA1: DDE053369EDBA1904F33A24D233F67251B119EE8
SHA-256: B6DA2CE88DDA725EA7A45C738BAE5E0AA8B3EE73D5C7E10DD803D7C4093E2200
SHA-512: A10D38AD6025EDAFC27DA17313B962B7963956EC79DF31C3C568F9DAEA0FA94A855434E35AEB3BC3AE9FF8F09B6BB15A8E6008FAD8600A483764F0EA88CDE807
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ahyO4ECr_Kv[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 91318
Entropy (8bit): 5.225356526987357
Encrypted: false
MD5: F65BE8DA76344D39664A43102F0CBB84
SHA1: 5B4C0F11EE98F77E8BFF9645D111DE1EDC5488AB
SHA-256: 04C2EB53F54A18C8C823FD5B9093B04DF59CE2F875DF2E1B904CBB28D548FB74
SHA-512: 045A11D756CD36068FE2EF84E74B0C90254F72C30FA7A5960BFA77E7A7A16B9B23FDDF20B74A0C18C5470805BA06484901CA72A4712144BD15D54188C126617D
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bQ4z9fykDtY[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 56031
Entropy (8bit): 5.410776819187972
Encrypted: false
MD5: 2480A6795A2FED2A8CB950DD1FDFEB59
SHA1: 0B0AC5BEB2E63E4052F5178E04BB1A58BA715683
SHA-256: FF760E0C22CD1F730794C41A1CC423A9064BA2DEDCB1EB013F30FA31479B1CFA
SHA-512: 0BB5689B14C8585946DBBB97671D60BBEFDD0C201D86C850694AFD2580025519AC611B75BCC739E423CEE2378F98D90A7AA81E729D1A6323A6E165B97FC6C2F5
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\brilliance-1-Converted[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1584x360, frames 3
Size (bytes): 113113
Entropy (8bit): 7.983053342021913
Encrypted: false
MD5: F66DD7E12DBAF571D4773C929AE3F106
SHA1: E93565B33FB9DFF400357FF553C7B92E186D4753
SHA-256: 04008C97F8EBA85AFE06B02D50C47EB2ACC9674C2B23D5000A72247EF696847A
SHA-512: 539F62B30BD12A0B45461AE4569FA22213E54A4AB9FC166C9262482BEF12ADECD2A7575E66ECDE9626850979335950930D30C4C126445B80323256EFB9FC7905
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bvCcScS-hfB[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 14918
Entropy (8bit): 5.3448987891471775
Encrypted: false
MD5: 8EC0CB91356C0C450B30EA4CDDBD595B
SHA1: 8AC82072FEF1069F5F5B2597B4381D8B6430F6CF
SHA-256: 8950147AA409A568A0E78EFEBCC753E44EEBBF5FDEC2844A2003A17DE51EC2DE
SHA-512: BB8D4F752173CD06EBCE73B8F9E3A41D531B422317BEC52FDBB79CA5C6F3B01D8475270F9352927FCE9B1818B3778A8B2A44433F719DBC69D4A87E8905E5980A
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\call[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 123
Entropy (8bit): 4.691600940817881
Encrypted: false
MD5: 931AC47AFE589BDA347CEC2F1F0F592C
SHA1: B64B52C635597BFD699A5B823C459736951CCD8C
SHA-256: FCC8A886ABFC4E824EB2FAB1590821C4DF035D63F7ECBFAC352083BE95E3D42F
SHA-512: CB43F3B78DC43360F2322654115D8C5CADF9DAD0325BF639EAB0BC25956D84961192B871D8D001DDD41BC8F9DF9C49EDEBF2CDD69A290AF436DE121C17F4734D
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\common[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 71858
Entropy (8bit): 5.497384396004263
Encrypted: false
MD5: A2756989CB3D85719DFECE7FC4B69BE5
SHA1: A80AD057917BF51A5B268B805C52E01134459703
SHA-256: 793025255C3CF7ACEBE3BECE1134FFC695C5F7B8A748C145E4C9BC302EBDAC25
SHA-512: 95024D33874D17E0381CE8A5ACEF83988D43C5B3462DE56D120EFB3E0742DBFC5B7BF2B4D96DAC9F9D2B1334047D91081E9E2ADC7F454C273528C3B435E68915
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\css[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 5552
Entropy (8bit): 5.2645411926022385
Encrypted: false
MD5: 3BAE1D384C727684C63C2CD6A2896592
SHA1: 4E61D2F342983DCD1AB2CCF173EB4220763C9760
SHA-256: 1A2F0DE7717D5F74007E61027FC82EDF8FAA74A7A7EE088D18DD867979325885
SHA-512: 80271DFF487E8C1EB136093B45382DEF6EE0216C2177BC18D132ED15740DC7E4C0246175C2998C690A19730B7A0242A9880FF0ADC4A1B739D80608D0BABDA046
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dmLEpUDAxql[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 84358
Entropy (8bit): 5.433544864755917
Encrypted: false
MD5: 3B11572319A535176059BADA6D046477
SHA1: BC395BF7F49D0EBF0708A5EEF8EDB95E563A1569
SHA-256: 5774DB6E0FF3909AEB1F50FFFB4E0AA5F3D4FABC2928BBB085755D7958419E76
SHA-512: 837F033574B344D2F0E91C49ADE1D5629AF0AFD007640C0E1E9E23C37F7652BE54D2770BF87D5312379A09C2133F3759DA937BB4BB84AE2C40D73273CC55FCEC
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dvfcxc6EbEo[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 82976
Entropy (8bit): 5.809257208353823
Encrypted: false
MD5: 2E86DFE4FA2F022175EBC84B560AF52E
SHA1: C9FE299357FE5335D8EF8290EA365F807B4A26C7
SHA-256: 2F2B6A70A1A088DF4C9892563336669F6A28EF8414DC2DBD1177BA5A948D5BDF
SHA-512: 904555D45FC2D954DC2583245F218D032B141D91E5F3051B11BDAB943208B98A4F26831427750A300EE3AAC282E5ECD2B6A30B138A1D11CAB8E8DA2BFB5634FF
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\epvtHep7clJ[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 107094
Entropy (8bit): 5.3632616010254175
Encrypted: false
MD5: 01E05CDE137E57016E7A1DA4196F59B5
SHA1: 660C17EEC3795EFFDC4123F067781D60FEA24718
SHA-256: 49B2E4782EE8AA9FB275AE7386706750858ABDD7DE69E04E6E8ED9A3B2C08C1C
SHA-512: 0AD0F33D7061D39B49F38C295C33EE63C1EBA8A4778E36EB8893174F892D9BB6A9633826D121F2A1D7CEF0D53A9114A81D275CD61D23F529AC764F601E124CB2
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\f[1].txt
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 3895
Entropy (8bit): 4.78111988106474
Encrypted: false
MD5: FD47327934540A1E78385597E3A86DF0
SHA1: CD5961BBFBCE46BE86614C37E8E389026D681A5A
SHA-256: 72F748E70F9F7DFC76C1A0761528D59C8130B523F9432AB10AF80D086EF545A9
SHA-512: C661689F4F454229CCE463A49641C7177DE790CBECAC1A312DEDF4E5D6AA3A040E587AFC43F484A5F4455F83FC85B4A9B663E8B2455BBB0E9F1B4154F39E075B
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\feed[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines
Size (bytes): 20265
Entropy (8bit): 4.645834015167827
Encrypted: false
MD5: 06A7E6B20CCDE21EF23D7033264BE058
SHA1: 4790CC93CC19B3009819E2E4A48683519066DEDE
SHA-256: 00A5CA6FB36A7A87B7E537C825784C066C1D14598A84DB0CC2B94384EE89CD26
SHA-512: 2C4C15B108388CD61FB78260185C17EA10B136C1EB3EF29904D4EE83FA8ED6D6D2204A7F660FD0D9907EEEB2C7F9A79C3E1A89C46801F0BD1F060B2368CB2FCA
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\feedarrowtrans[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 19 x 14, 1-bit grayscale, non-interlaced
Size (bytes): 98
Entropy (8bit): 4.423401944999608
Encrypted: false
MD5: 58C529336FE3353D89BDA90B34E29FC7
SHA1: E409DA1C6A64F21AEDF7E195BA397BAB3F8EFD87
SHA-256: 7A94DB43FCBC6463FF75C527485534E640DB6C80F433E79993FFC725AFE48DD2
SHA-512: 736DE4F22830571C85FC817C8DFE13E60F7C2EF1064E4C66A6B62208F3CEDCEFD7AAADA0D31DECDCE5DC9F0649228839E0630706F6C58A6726B90AE30FAEFADA
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\feedcheckmark[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 14 x 15, 8-bit colormap, non-interlaced
Size (bytes): 362
Entropy (8bit): 7.01811110588905
Encrypted: false
MD5: 5FFD62F3500CD1C46A03F3CB3928F3BC
SHA1: E4CBD0B3766FE4D1D5E04E1FC61ED7564CD0F1AC
SHA-256: 5459CB891DEF5173B824E25C3B39FC4B5F9305659EB3772CF0247A7F58BA2702
SHA-512: 597BB54C8A554237B52BF2F3D7701916784BD23AF2D6604B992DC4A36CFCA42857ABE1F9FF3FA3C492DBA7BF3E094136DCA063038BE5AD1198E9DE245A5C5BA2
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jC6QprXnGUE[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 161 x 409, 8-bit/color RGBA, non-interlaced
Size (bytes): 26019
Entropy (8bit): 7.971004643374897
Encrypted: false
MD5: 33BC58DD9D72D629A148B01F47D883A1
SHA1: 9A864D46CF487463B0515F3F1907B5E3B4A2F07A
SHA-256: 26134E88FBED6F31C274E0AF4A0808B2014D5FB18139900EF95F87BE42DD99F8
SHA-512: 56CD93DBADC7163EB41114708943D365D7788125CE06A1677DA99E474AC4092350ED7083BAAD297824654EFC26AAD8D01348A987B223B0DD99DB7B1323901CC0
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\js[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 110429
Entropy (8bit): 5.465036515712539
Encrypted: false
MD5: B9CD169FC2510A92FE7AB61DB695E875
SHA1: A1E32B5C77939CCFCBBCA71D4B85EAEB409629D2
SHA-256: 85062C5D066E5A0E977484B08FD1D0B9DB366802DEE25CC03CE1E6D567172F39
SHA-512: E7ABCAC3431185BAE44C88525CC3953EA2F73FC038CB86984552C0F1B10E0C4E3529D1C4DC192697DA1A0F5EC61731B653DF266A846419F167E65EC8693811C8
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\la1Wppy40GW[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 121946
Entropy (8bit): 5.3801136945658925
Encrypted: false
MD5: 35E1A71AE80A75927CF8673C132FE3E2
SHA1: 2C6937429B487223AAD090414227BABB943BAEEE
SHA-256: 6D3B8DB5F70A232075D31369C0991C31C3000C3B6A3082A8139263EA1B6552FF
SHA-512: E9B9632649F47850A8C145B2E57ABF938F401E8B4996768519D20247EAA9E98A81EC9A7C891AE6D951E312859F3BD70408D756E3B3F3F3B750332BC52ABBF31F
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\map[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 46510
Entropy (8bit): 5.426449184277727
Encrypted: false
MD5: E670FC17081E0392A74572A4DC785A26
SHA1: A88BD9D307222C75163A1743BB160977096D26D2
SHA-256: 585CFBA100DABB531BDFD6A5209EB3CD0C89FA1ECE089939A348892E4E7010E7
SHA-512: 3E1F64A66F10545A189E7C0F7643EB492015A0D09CF52A8127857A03B010412728B7B15EAD86669947F64389F45AD1179242F30ED99E882C1CAEC2810B16F5E8
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\mem5YaGs126MiZpBA-UN8rsOXOhv[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 25004, version 1.1
Size (bytes): 25004
Entropy (8bit): 7.977729833709557
Encrypted: false
MD5: 596BF50C114C99FF5EC2E114E51B12BF
SHA1: 9751ACF064C53F7BA40E36A1A36FB0C06CDDD973
SHA-256: E09BE1114565BF957BA30A5C1F745DD23BB044C1C836BDC7E48A0067A4F77EA2
SHA-512: 1D56846D5A291ABC12117153C4E3A2675920D8BFF3DB314572CD702C11435B3E00B8AEDEB3C845F2EA5047F5F464FEC67B5C3B8F2FEB2BF22EF3D08BC00E3CB7
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\memnYaGs126MiZpBA-UFUKXGUdhlIqU[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 23100, version 1.1
Size (bytes): 23100
Entropy (8bit): 7.975637279799538
Encrypted: false
MD5: 0B75A932B9C0AB67CBB2E9486C6D87DC
SHA1: 3DF68629841CDEE70C4EF9B340AC8C27D87301E0
SHA-256: 27D434353FCDFE8EBF0982D8C068EDF97C1EC72CC287FB94AC21B6813992E564
SHA-512: CB2245E80858B52E1CEEEF736253CBE6663AC9A3D8EC92711A66CD9D03554E13ED2839B38AB412D496F03241163AEF863A3A5BDE0FD15F5C8198BCB7DFF3C960
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\mgOlVhWibxg[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 421 x 2492, 8-bit/color RGBA, non-interlaced
Size (bytes): 279985
Entropy (8bit): 7.992744828727492
Encrypted: true
MD5: 0AB3FDDDB2E8E793619863AC78552A52
SHA1: 8C0E1D4784BB42BB33457BFCCCB9F709D4B2D875
SHA-256: ED6F71E2B548AE1FE6CC4A8DF64B2A8BF40FEF99181ABD656942C58414AF0C66
SHA-512: F05E1C25F1CDA34FC8BF1EBB1FFCD5C51B22BB98F43C5A57C3388D62F740A6DF78BD1AA8B46BB8A5E12144055EAC26DBDCCF9781B575839A6593328650FE7D94
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ojhymilLXrU[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 141576
Entropy (8bit): 5.278711733109694
Encrypted: false
MD5: 475A88C022542CEDB86034D2933E0E25
SHA1: 00AF210B9F5F03F0C48CC3DFD33741F23CD0D061
SHA-256: C73A9D53DFC948B815496816BCE84539A991C4D6879B7564FA0163114B83D393
SHA-512: 1988D9CB5003FA74578B2F1AB676F80D0AF440279CB989A162625818F5EB4A2A586BF8FB4C185D70F40E08B1010291FC199691657BEA73686D7A8F5EC55A289A
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\openhand_8_8[1].bmp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows cursor resource - 1 icon, 32x32, 2 colors, hotspot @8x8
Size (bytes): 326
Entropy (8bit): 2.5620714588910247
Encrypted: false
MD5: FEFF9159F56CB2069041D660B484EB07
SHA1: 0D0A08CF25A258511957F357B89D3908F3C5E6E3
SHA-256: 7342F390B12F636D14E25F698FC5E38CF6240994DC0C07FEFBBB4E78EC4D03C7
SHA-512: F850277F48AC14FA363265469776E6F7F07F7DD743AA1D1AD7CF2329EEE6D323DA3422CF6BAAC066C84ECD24800A02088053EF3FC0488D170E7FC942AC8FFA99
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\pFYaHuzS5Z2[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 49108
Entropy (8bit): 5.418917961456456
Encrypted: false
MD5: 04479DA42A706B12F962B5860FDE8A8C
SHA1: ED912D12B6DC5D0D0DFAC1F23C504770857835F1
SHA-256: 9E969A96096695AAE75566B5A81E6651BF1FF9059465E75C96C05BC949D6E4CF
SHA-512: 4EF55DF9E67E00CD3CB6D5F76D766C20998DD284DFF14F5083014324595998D6703A301C1D6CB8EF155F196ADBFCA541360F1D8ADB0F58F3B61597BEA1B7368C
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\p_3KSpddNMW[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 14587
Entropy (8bit): 5.3242655838643875
Encrypted: false
MD5: E6FE38A6CE27D91BE64728494F3AA684
SHA1: 977BA36295296F9E4B50BA8D5BEC9C55780CBCB2
SHA-256: 13B10B06A418348F08862947D776D48B57E69A11A98CA04F8C023D52A16A4E0B
SHA-512: E6D605D0322E82E967164142FFC73ACA418B10228F60774EDA16DB245DBE1B6B0ACF7BE139A6DDE381480220EB3D3CD8A3E5C1514B6397A18F2972262888ACE6
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\qPAL-nGMp_q[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 88077
Entropy (8bit): 5.2218325893659205
Encrypted: false
MD5: E9ADB27AE7518510AA3B48ADD764E050
SHA1: CE285C9AF2A6CFD304AD4B8834FBD28D81BC7BDE
SHA-256: FCE59395986E8AB8DA8ACD73BB0274E852ADF9B50252DC19464D7EC62694A103
SHA-512: B8D7F5CCF16C60059C34E35C74E2DB70533B1C40BD2C1AECC0D407D2C927FEBE104A148B93C1A3A77D612E3CEC0F22CAEDFE169CB4698B0D924C8E1F3461D60E
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\r4nuUagG2jg[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 37905
Entropy (8bit): 5.419571547031819
Encrypted: false
MD5: E55037970A7A352176B71C01534AAFF9
SHA1: 8448E25A0FEB0C0C6C0414195C26E8D628B61700
SHA-256: 82AD8F2555E542CDB5070BA1F1D3B4A94D75CB15390C0157C939339302E4D5F3
SHA-512: CCDCE2AA0347613C8C9CC8C5C966B64473CE1E458337BCD2C7148E633B0EAD7BACDA8921C3DF5D187E46D54DB026464B5BD9B5D9FE67E9192A97F05BF0A7FCA5
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\raOkx9Nt3Ti[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 29690
Entropy (8bit): 5.376699389749835
Encrypted: false
MD5: AEE4177B36892AD9D963F6193A083FBE
SHA1: BE9A01FC87E98D9E23BA3C0ADB5045CE1EC8D754
SHA-256: B851C79D100BA2EBEE667546A18C9E740A039433C91CAACA98BD9A53C562719C
SHA-512: 4E7AAB31B75C5CC1D657EF0D95E93ADA3DCD9550B057E58FB61D8262AF0AFD4C207454166D4A64915FCA4CC0252484536991A8A8DF7C18EF692598F6D72C0CB6
Malicious: false
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
star-mini.c10r.facebook.com 31.13.75.36 true false high
fbsbx.com 157.240.20.35 true false high
scontent.xx.fbcdn.net 31.13.75.12 true false high
facebook.com 185.60.216.35 true false high
fbcdn.net 185.60.216.35 true false high
brillianceautobody.com 69.16.220.44 true false 2%, virustotal unknown
googlehosted.l.googleusercontent.com 172.217.168.33 true false high
scontent-mrs1-1.xx.fbcdn.net 31.13.75.12 true false high
www.brillianceautobody.com unknown unknown false unknown
www.facebook.com unknown unknown false high
connect.facebook.net unknown unknown false high
lh3.googleusercontent.com unknown unknown false high
lh5.googleusercontent.com unknown unknown false high
www.youtube.com unknown unknown false high
lh4.googleusercontent.com unknown unknown false high
external-mrs1-1.xx.fbcdn.net unknown unknown false high
s.ytimg.com unknown unknown false high
staticxx.facebook.com unknown unknown false high
Name IP Active Malicious Antivirus Detection Reputation
URLs from Memory and Binaries
Contacted IPs
Public
IP Country ASN ASN Name Malicious
216.58.215.225 United States 15169 unknown false
69.16.220.44 United States 32244 unknown false
185.60.216.35 Ireland 32934 unknown false
31.13.75.12 Ireland 32934 unknown false
172.217.168.33 United States 15169 unknown false
31.13.75.36 Ireland 32934 unknown false
157.240.20.35 United States 32934 unknown false
3.3.0.2 United States 38895 unknown false
Static File Info
General
File type: PDF document, version 1.6
Entropy (8bit): 7.989894765653823
TrID: Adobe Portable Document Format (5005/1) 76.94%; Java Script embedded in Visual Basic Script (1500/0) 23.06%
File name: Proposal2019.pdf
File size: 205236
MD5: 52edc508ee68463d2b37c63d7d7b0de1
SHA1: 84107accd40899df8f75204d68f704f3fc38ac36
SHA256: 620d76b74955a6585bc4fd91bb81949229847245bc6d7b5d47a27c495a864c40
SHA512: 64824c53147f32d705af7f8137a67331704e82a4d90f9260f710963fe84d47742c78ef3a298d7edb51c3eab54247f24fbcb408ad95ae2fef66629bdad8164028
SSDEEP: 3072:vRNtrIFEa3SBEqJAKrHq8OcbsZvDupK8gED4RarvRp0OvGeJ/WeIencDY5V:vtQa6LupK8E6vFOquezcDiV
File Content Preview: %PDF-1.6.%......1 0 obj.<</Type/Page/Parent 17 0 R/Contents 16 0 R/MediaBox[0 0 841.89001 595.28003]/CropBox[0 0 841.89001 595.28003]/TrimBox[0 0 841.89001 595.28003]/Annots[2 0 R 4 0 R]/Group 6 0 R/Resources<</ExtGState<</GS1 7 0 R>>/Font<</F3 8 0 R>>/XO
File Icon
Icon Hash: 74ecccdcd4ccccd0
Static PDF Info
General
Header: %PDF-1.6
Total Entropy: 7.989895
Total Bytes: 205236
Stream Entropy: 7.991134
Stream Bytes: 202004
Entropy outside Streams: 5.486696
Bytes outside Streams: 3232
Number of EOF found: 1
Bytes after EOF:
Keywords Statistics
Name Count
obj 22
endobj 22
stream 8
endstream 8
xref 0
trailer 0
startxref 1
/Page 1
/Encrypt 0
/ObjStm 0
/URI 4
/JS 0
/JavaScript 0
/AA 0
/OpenAction 1
/AcroForm 0
/JBIG2Decode 0
/RichMedia 0
/Launch 0
/EmbeddedFile 0
Network Behavior
Network Port Distribution
Total Packets: 69
• 443 (HTTPS)
• 53 (DNS)
TCP Packets
UDP Packets
DNS Queries
DNS Answers
Timestamp Source IPSourcePort Dest IP
DestPort Subject Issuer
NotBefore
NotAfter
JA3 SSL ClientFingerprint JA3 SSL Client Digest
Mar 12, 2019 01:07:45.872292995 CET
69.16.220.44 443 192.168.2.5 49797 CN=brillianceautobody.com CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.
Wed Jan 16 22:19:33 CET 2019 Thu Mar 17 17:40:46 CET 2016
Tue Apr 16 23:19:33 CEST 2019 Wed Mar 17 17:40:46 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
CN=DST Root CA X3, O=Digital Signature Trust Co.
Thu Mar 17 17:40:46 CET 2016
Wed Mar 17 17:40:46 CET 2021
Mar 12, 2019 01:07:45.883534908 CET
69.16.220.44 443 192.168.2.5 49796 CN=brillianceautobody.com CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.
Wed Jan 16 22:19:33 CET 2019 Thu Mar 17 17:40:46 CET 2016
Tue Apr 16 23:19:33 CEST 2019 Wed Mar 17 17:40:46 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
HTTPS Packets
Copyright Joe Security LLC 2019 Page 45 of 80
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
CN=DST Root CA X3, O=Digital Signature Trust Co.
Thu Mar 17 17:40:46 CET 2016
Wed Mar 17 17:40:46 CET 2021
Mar 12, 2019 01:07:47.578388929 CET
69.16.220.44 443 192.168.2.5 49799 CN=brillianceautobody.com CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.
Wed Jan 16 22:19:33 CET 2019 Thu Mar 17 17:40:46 CET 2016
Tue Apr 16 23:19:33 CEST 2019 Wed Mar 17 17:40:46 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
CN=DST Root CA X3, O=Digital Signature Trust Co.
Thu Mar 17 17:40:46 CET 2016
Wed Mar 17 17:40:46 CET 2021
Mar 12, 2019 01:07:47.578505039 CET | Source: 69.16.220.44:443 | Dest: 192.168.2.5:49798
  Subject: CN=brillianceautobody.com | Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | NotBefore: Wed Jan 16 22:19:33 CET 2019 | NotAfter: Tue Apr 16 23:19:33 CEST 2019
  Subject: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co. | NotBefore: Thu Mar 17 17:40:46 CET 2016 | NotAfter: Wed Mar 17 17:40:46 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:51.145804882 CET | Source: 31.13.75.12:443 | Dest: 192.168.2.5:49817
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:51.163067102 CET | Source: 31.13.75.12:443 | Dest: 192.168.2.5:49818
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:51.835011005 CET | Source: 31.13.75.12:443 | Dest: 192.168.2.5:49827
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Copyright Joe Security LLC 2019 Page 46 of 80
Mar 12, 2019 01:07:51.839515924 CET | Source: 31.13.75.12:443 | Dest: 192.168.2.5:49828
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:51.901469946 CET | Source: 31.13.75.36:443 | Dest: 192.168.2.5:49830
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:51.901597023 CET | Source: 31.13.75.36:443 | Dest: 192.168.2.5:49829
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:52.629849911 CET | Source: 31.13.75.12:443 | Dest: 192.168.2.5:49832
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:52.629930973 CET | Source: 31.13.75.12:443 | Dest: 192.168.2.5:49831
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:54.861037970 CET | Source: 172.217.168.33:443 | Dest: 192.168.2.5:49838
  Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US | NotBefore: Fri Mar 01 10:34:17 CET 2019 | NotAfter: Fri May 24 11:25:00 CEST 2019
  Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US | Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | NotBefore: Thu Jun 15 02:00:42 CEST 2017 | NotAfter: Wed Dec 15 01:00:42 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:54.861269951 CET | Source: 172.217.168.33:443 | Dest: 192.168.2.5:49840
  Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US | NotBefore: Fri Mar 01 10:34:17 CET 2019 | NotAfter: Fri May 24 11:25:00 CEST 2019
  Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US | Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | NotBefore: Thu Jun 15 02:00:42 CEST 2017 | NotAfter: Wed Dec 15 01:00:42 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:54.862020969 CET | Source: 172.217.168.33:443 | Dest: 192.168.2.5:49839
  Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US | NotBefore: Fri Mar 01 10:34:17 CET 2019 | NotAfter: Fri May 24 11:25:00 CEST 2019
  Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US | Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | NotBefore: Thu Jun 15 02:00:42 CEST 2017 | NotAfter: Wed Dec 15 01:00:42 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:54.863879919 CET | Source: 216.58.215.225:443 | Dest: 192.168.2.5:49842
  Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US | NotBefore: Fri Mar 01 10:34:17 CET 2019 | NotAfter: Fri May 24 11:25:00 CEST 2019
  Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US | Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | NotBefore: Thu Jun 15 02:00:42 CEST 2017 | NotAfter: Wed Dec 15 01:00:42 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:54.864156961 CET | Source: 216.58.215.225:443 | Dest: 192.168.2.5:49841
  Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US | NotBefore: Fri Mar 01 10:34:17 CET 2019 | NotAfter: Fri May 24 11:25:00 CEST 2019
  Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US | Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | NotBefore: Thu Jun 15 02:00:42 CEST 2017 | NotAfter: Wed Dec 15 01:00:42 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:54.870767117 CET | Source: 172.217.168.33:443 | Dest: 192.168.2.5:49843
  Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US | NotBefore: Fri Mar 01 10:34:17 CET 2019 | NotAfter: Fri May 24 11:25:00 CEST 2019
  Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US | Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | NotBefore: Thu Jun 15 02:00:42 CEST 2017 | NotAfter: Wed Dec 15 01:00:42 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:54.874231100 CET | Source: 172.217.168.33:443 | Dest: 192.168.2.5:49844
  Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US | NotBefore: Fri Mar 01 10:34:17 CET 2019 | NotAfter: Fri May 24 11:25:00 CEST 2019
  Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US | Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | NotBefore: Thu Jun 15 02:00:42 CEST 2017 | NotAfter: Wed Dec 15 01:00:42 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:54.880201101 CET | Source: 172.217.168.33:443 | Dest: 192.168.2.5:49845
  Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US | NotBefore: Fri Mar 01 10:34:17 CET 2019 | NotAfter: Fri May 24 11:25:00 CEST 2019
  Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US | Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | NotBefore: Thu Jun 15 02:00:42 CEST 2017 | NotAfter: Wed Dec 15 01:00:42 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:07:54.880610943 CET | Source: 172.217.168.33:443 | Dest: 192.168.2.5:49846
  Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US | NotBefore: Fri Mar 01 10:34:17 CET 2019 | NotAfter: Fri May 24 11:25:00 CEST 2019
  Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US | Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | NotBefore: Thu Jun 15 02:00:42 CEST 2017 | NotAfter: Wed Dec 15 01:00:42 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:08:24.114589930 CET | Source: 69.16.220.44:443 | Dest: 192.168.2.5:49849
  Subject: CN=brillianceautobody.com | Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | NotBefore: Wed Jan 16 22:19:33 CET 2019 | NotAfter: Tue Apr 16 23:19:33 CEST 2019
  Subject: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co. | NotBefore: Thu Mar 17 17:40:46 CET 2016 | NotAfter: Wed Mar 17 17:40:46 CET 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | JA3 SSL Client Digest: 37f463bf4616ecd445d4a1937da06e19
Mar 12, 2019 01:08:29.689766884 CET | Source: 31.13.75.12:443 | Dest: 192.168.2.5:49851
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:08:29.689902067 CET | Source: 31.13.75.12:443 | Dest: 192.168.2.5:49850
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:08:29.800081015 CET | Source: 185.60.216.35:443 | Dest: 192.168.2.5:49852
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:08:29.803087950 CET | Source: 185.60.216.35:443 | Dest: 192.168.2.5:49853
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:08:29.972239971 CET | Source: 185.60.216.35:443 | Dest: 192.168.2.5:49854
  Subject: CN=fbcdn.net, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Feb 26 01:00:00 CET 2019 | NotAfter: Mon May 27 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:08:29.974001884 CET | Source: 185.60.216.35:443 | Dest: 192.168.2.5:49855
  Subject: CN=fbcdn.net, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Feb 26 01:00:00 CET 2019 | NotAfter: Mon May 27 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:08:30.160558939 CET | Source: 157.240.20.35:443 | Dest: 192.168.2.5:49856
  Subject: CN=fbcdn.net, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Feb 26 01:00:00 CET 2019 | NotAfter: Mon May 27 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 3faf2df7ab96c36419c31725cb1fa7d6
Mar 12, 2019 01:08:30.160955906 CET | Source: 157.240.20.35:443 | Dest: 192.168.2.5:49857
  Subject: CN=fbcdn.net, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Feb 26 01:00:00 CET 2019 | NotAfter: Mon May 27 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 3faf2df7ab96c36419c31725cb1fa7d6
Mar 12, 2019 01:08:34.291507006 CET | Source: 31.13.75.12:443 | Dest: 192.168.2.5:49859
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 12, 2019 01:08:34.291671038 CET | Source: 31.13.75.12:443 | Dest: 192.168.2.5:49858
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=CA, C=US | Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Mon Jan 21 01:00:00 CET 2019 | NotAfter: Sun Apr 21 14:00:00 CEST 2019
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Tue Oct 22 14:00:00 CEST 2013 | NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Code Manipulations
Statistics
Behavior
• AcroRd32.exe
• AcroRd32.exe
• RdrCEF.exe
• RdrCEF.exe
• RdrCEF.exe
• RdrCEF.exe
• RdrCEF.exe
• RdrCEF.exe
• RdrCEF.exe
• AdobeARM.exe
• iexplore.exe
• iexplore.exe
• AdobeARM.exe
System Behavior
Analysis Process: AcroRd32.exe PID: 4700 Parent PID: 4112
General
Start time: 01:07:03
Start date: 12/03/2019
Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Proposal2019.pdf'
Imagebase:
File size: 2459120 bytes
MD5 hash: 84E2B28A5B7221B3AAB82CD7CA4D6619
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
File Activities
File Created
File Path Access Attributes Options Completion Count Source Address Symbol
C:\Users\user\AppData\Local\Temp\acrord32_sbx read data or list directory | read attributes | write attributes | synchronize
directory directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow\Adobe\Linguistics read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Adobe\Color read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Roaming\Adobe\Linguistics read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Roaming\Adobe\LogTransport2 read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Roaming\Adobe\Headlights read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Roaming\Microsoft\Speech read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Temp\acrocef_low read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident
success or wait 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-190312080710Z-214.bmp
read data or list directory | write data or add file | append data or add subdirectory or create pipe instance | read ea | write ea | read attributes | write attributes | read control | synchronize
normal synchronous io non alert | non directory file
success or wait 1 7FFBC930A954 NtCreateFile
C:\Users\user read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rici2un_y9uuax_1xs.tmp
read data or list directory | write data or add file | append data or add subdirectory or create pipe instance | read ea | write ea | read attributes | write attributes | read control | synchronize
normal synchronous io non alert | non directory file
success or wait 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
read data or list directory | write data or add file | append data or add subdirectory or create pipe instance | read ea | write ea | read attributes | write attributes | read control | synchronize
normal synchronous io non alert | non directory file
success or wait 2 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1vxnf2m_y9uuay_1xs.tmp
read data or list directory | write data or add file | append data or add subdirectory or create pipe instance | read ea | write ea | read attributes | write attributes | read control | synchronize
normal synchronous io non alert | non directory file
success or wait 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1q2yo2l_y9uuaz_1xs.tmp
read data or list directory | write data or add file | append data or add subdirectory or create pipe instance | read ea | write ea | read attributes | write attributes | read control | synchronize
normal synchronous io non alert | non directory file
success or wait 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rotbgsj_y9uub0_1xs.tmp
read data or list directory | write data or add file | append data or add subdirectory or create pipe instance | read ea | write ea | read attributes | write attributes | read control | synchronize
normal synchronous io non alert | non directory file
success or wait 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rvibz5h_y9uub1_1xs.tmp
read data or list directory | write data or add file | append data or add subdirectory or create pipe instance | read ea | write ea | read attributes | write attributes | read control | synchronize
normal synchronous io non alert | non directory file
success or wait 1 7FFBC930A954 NtCreateFile
Registry Activities
C:\Users\user\AppData\Local\Microsoft\Windows\Caches read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Microsoft\Windows\History read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
File Path Offset Length Completion Count Source Address Symbol
C:\Windows\System32\drivers\etc\hosts unknown 2 success or wait 1 77761E4C NtReadFile
C:\Windows\System32\drivers\etc\hosts unknown 998 success or wait 2 77761E4C NtReadFile
C:\Windows\System32\drivers\etc\hosts unknown 2 success or wait 5 77761E4C NtReadFile
C:\Windows\System32\drivers\etc\hosts unknown 998 success or wait 9 77761E4C NtReadFile
C:\Program Files (x86)\desktop.ini unknown 176 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\desktop.ini unknown 284 success or wait 1 77761E4C NtReadFile
C:\Users\user\Documents\desktop.ini unknown 404 success or wait 1 77761E4C NtReadFile
C:\Users\user\Music\desktop.ini unknown 506 success or wait 1 77761E4C NtReadFile
C:\Users\user\Pictures\desktop.ini unknown 506 success or wait 1 77761E4C NtReadFile
C:\Users\user\Videos\desktop.ini unknown 506 success or wait 1 77761E4C NtReadFile
C:\Users\user\Downloads\desktop.ini unknown 284 success or wait 1 77761E4C NtReadFile
C:\Users\user\OneDrive\desktop.ini unknown 98 success or wait 1 77761E4C NtReadFile
Key Path Completion Count Source Address Symbol
HKEY_LOCAL_MACHINE\System\Acrobatbrokerserverdispatchercpp789 success or wait 1 7FFBC930A254 NtCreateKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\NoTimeOut success or wait 1 7FFBC930A254 NtCreateKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles success or wait 1 7FFBC930A254 NtCreateKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 success or wait 1 7FFBC930A254 NtCreateKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2 success or wait 1 7FFBC930A254 NtCreateKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\TrustManager success or wait 1 7FFBC930A254 NtCreateKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\TrustManager\cDefaultLaunchURLPerms success or wait 1 7FFBC930A254 NtCreateKey
File Read
Key Created
Key Path Name Type Data Completion Count Source Address Symbol
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 aFS unicode DOS success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 tDIText unicode /C/Users/user/Desktop/Proposal2019.pdf success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 tFileName unicode Proposal2019.pdf success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 tFileSource unicode local success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 sFileAncestors binary 5B 5D 00 success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 sDI binary 2F 43 2F 55 73 65 72 73 2F 47 75 63 63 69 2F 44 65 73 6B 74 6F 70 2F 50 72 6F 70 6F 73 61 6C 32 30 31 39 2E 70 64 66 00 success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 sDate binary 44 3A 32 30 31 39 30 33 31 32 30 31 30 37 30 39 2D 30 37 27 30 30 27 00 success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 uFileSize dword 205236 success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 uPageCount dword 1 success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2 aFS unicode CHTTP success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2 tDIText unicode http://www.adobe.com/go/homeacrordrunified18_2018 success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2 tFileName unicode Welcome.pdf success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2 sFileAncestors binary 5B 5D 00 success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2 sDI binary 68 74 74 70 3A 2F 2F 77 77 77 2E 61 64 6F 62 65 2E 63 6F 6D 2F 67 6F 2F 68 6F 6D 65 61 63 72 6F 72 64 72 75 6E 69 66 69 65 64 31 38 5F 32 30 31 38 00 success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2 sDate binary 44 3A 32 30 31 38 31 31 32 32 31 31 31 34 34 33 2D 30 38 27 30 30 27 00 success or wait 1 7FFBC930AAA4 NtSetValueKey
File Activities
Start time: 01:07:03
Start date: 12/03/2019
Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Proposal2019.pdf'
Imagebase:
File size: 2459120 bytes
MD5 hash: 84E2B28A5B7221B3AAB82CD7CA4D6619
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
File Path Access Attributes Options Completion Count Source Address Symbol
C:\Users\user read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
Key Value Created
Analysis Process: AcroRd32.exe PID: 2512 Parent PID: 4700
General
File Created
C:\Users\user\AppData\Local read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Roaming read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Microsoft\Windows\Caches read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\Microsoft\Windows\Caches read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
access denied 1 7FFBC930A954 NtCreateFile
C:\ProgramData read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
object name collision 1 7FFBC930A954 NtCreateFile
File Path Completion Count Source Address Symbol
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal success or wait 4 7FFBC930A394 NtSetInformationFile
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rici2un_y9uuax_1xs.tmp success or wait 1 7FFBC930A394 NtSetInformationFile
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1vxnf2m_y9uuay_1xs.tmp success or wait 1 7FFBC930A394 NtSetInformationFile
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1q2yo2l_y9uuaz_1xs.tmp success or wait 1 7FFBC930A394 NtSetInformationFile
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rotbgsj_y9uub0_1xs.tmp success or wait 1 7FFBC930A394 NtSetInformationFile
C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rvibz5h_y9uub1_1xs.tmp success or wait 1 7FFBC930A394 NtSetInformationFile
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Deleted
File Written
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-190312080710Z-214.bmp
unknown 4096 42 4d e6 26 01 00 00 00 00 00 36 00 00 00 28 00 00 00 a4 00 00 00 8d ff ff ff 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
BM.&......6...(............. ..................................................................................................................................................................................................................................
success or wait 19 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
0 512 00 00 00 00 00 00 00 00 00 00 00 00 ea 54 a4 90 00 00 00 0f 00 00 02 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
.............T................
..............................
..............................
..............................
..............................
..............................
..............................
..............................
...............
success or wait 4 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
512 4 00 00 00 04 .... success or wait 4 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
516 4096 0d 00 00 00 0a 0b 9a 00 0f cf 0f 58 0e e1 0e 68 0d f0 0d 79 0d 02 0c 89 0c 11 0b 9a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
...........X...h...y..........
..............................
..............................
..............................
..............................
..............................
..............................
..............................
...............
success or wait 4 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
4612 4 ea 54 a5 ef .T.. success or wait 4 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
4616 4 00 00 00 01 .... success or wait 4 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
4620 4096 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 10 00 01 01 00 40 20 20 00 00 00 07 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 2e 24 80 0d 0c 8b 00 08 08 31 00 0e 96 0c 93 0a 94 0c 54 09 87 0a 55 08 31 09 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SQLite format 3......@ ..........................................................................$.......1........T...U.1.D...................................................................................................................................
success or wait 4 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
8716 4 ea 54 a7 06 .T.. success or wait 4 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
0 12 d9 d5 05 f9 20 a1 63 d7 00 00 00 02
.... .c..... success or wait 4 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
0 4096 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 10 00 01 01 00 40 20 20 00 00 00 08 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 2e 24 80 0d 0c 8b 00 08 08 31 00 0e 96 0c 93 0a 94 0c 54 09 87 0a 55 08 31 09 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SQLite format 3......@ ..........................................................................$.......1........T...U.1.D...................................................................................................................................
success or wait 8 77761E4C NtWriteFile
File Path Offset Length Completion Count Source Address Symbol
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin unknown 8192 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin unknown 8192 success or wait 3 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin unknown 8192 success or wait 1 77761E4C NtReadFile
C:\Windows\Fonts\StaticCache.dat unknown 60 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 8 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 32768 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 33792 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 33073 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp unknown 1024 success or wait 16 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp unknown 1024 success or wait 3 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Review_RHP.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp unknown 1024 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
File Read
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 12288 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 32768 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 28672 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 32784 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat unknown 284847 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 35280 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 33461 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 65536 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 284 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 33509 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 12035 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\desktop.ini unknown 176 success or wait 1 77761E4C NtReadFile
C:\Users\desktop.ini unknown 176 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst unknown 4096 end of file 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst unknown 4096 success or wait 25 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst unknown 4096 end of file 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst unknown 4096 success or wait 3 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst unknown 4096 end of file 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst unknown 4096 success or wait 3 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst unknown 4096 end of file 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst unknown 4096 success or wait 3 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst unknown 4096 end of file 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 304 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 25288 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 32768 success or wait 5 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 284 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 217 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24576 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 20480 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 32 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek unknown 264 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 656 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 656 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 288 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 48 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 96 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\version.js unknown 2763 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\variant.js unknown 268 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents 4096 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents 4096 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 32768 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 28672 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 217 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
\com.adobe.reader.rna.125c unknown 4 success or wait 3 77761E4C NtReadFile
\com.adobe.reader.rna.125c unknown 638 success or wait 48 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 11 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 1293 success or wait 1 77761E4C NtReadFile
C:\Users\user\Desktop\Proposal2019.pdf unknown 284 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 32768 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 49152 4096 success or wait 1 77761E4C NtReadFile
\com.adobe.reader.rna.125c unknown 4 cancelled 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 32768 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 28672 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 32768 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 28672 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 16384 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 12288 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 16384 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 12288 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 4096 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 12288 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal 9216 8 end of file 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 4096 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
Registry Activities
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 36864 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 40960 4096 success or wait 4 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 53248 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 24576 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages 20480 4096 success or wait 1 77761E4C NtReadFile
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm unknown 128 success or wait 1 77761E4C NtReadFile
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm unknown 4 success or wait 1 77761E4C NtReadFile
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm unknown 12 success or wait 17 77761E4C NtReadFile
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm unknown 3144 success or wait 1 77761E4C NtReadFile
C:\Windows\System32\drivers\etc\hosts unknown 2 success or wait 1 77761E4C NtReadFile
C:\Windows\System32\drivers\etc\hosts unknown 998 success or wait 2 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB 4096 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 32 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek unknown 264 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 656 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 656 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store unknown 288 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 4 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei unknown 32 success or wait 1 77761E4C NtReadFile
Key Value Created
Key Path Name Type Data Completion Count Source Address Symbol
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral aDefaultRHPViewModeL unicode Expanded success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral bExpandRHPInViewer dword 1 success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\NoTimeOut smailto binary 59 00 success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\Workflows\cServices iUpdateId dword 3 success or wait 1 7FFBC930AAA4 NtSetValueKey
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\TrustManager\cDefaultLaunchURLPerms tHostPerms unicode version:2|brillianceautobody.com:2 success or wait 1 7FFBC930AAA4 NtSetValueKey
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection
bLastExitNormal dword 1 0 success or wait 1 7FFBC930AAA4 NtSetValueKey
File Activities
Start time: 01:07:08
Start date: 12/03/2019
Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Imagebase:
File size: 9805296 bytes
MD5 hash: C4531F5D235167293675FF6CE5472440
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
File Path Access Attributes Options Completion Count Source Address Symbol
C:\Users\user\AppData\Local\CEF read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
access denied 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\CEF read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
access denied 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\Local\CEF read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
access denied 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF7876d.TMP
read attributes | delete | synchronize | generic write
hidden | temporary
synchronous io non alert | non directory file
success or wait 1 7FFBC930A954 NtCreateFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG read attributes | synchronize | generic write
none synchronous io non alert | non directory file
success or wait 1 7FFBC930A954 NtCreateFile
File Path Completion Count Source Address Symbol
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF7876d.TMP success or wait 1 7FFBC930A394 NtSetInformationFile
Key Value Modified
Analysis Process: RdrCEF.exe PID: 4408 Parent PID: 4700
General
File Created
File Deleted
Old File Path New File Path Completion Count Source Address Symbol
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old
object name collision 1 7FFBC930A394 NtSetInformationFile
File Path Offset Length Value Ascii Completion Count Source Address Symbol
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
unknown 16 56 4c 6e 6b 03 00 00 00 fd 3f 00 00 04 00 00 00
VLnk.....?...... success or wait 18 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
unknown 126976 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
..............................
..............................
..............................
..............................
..............................
..............................
..............................
..............................
...............
success or wait 6 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
unknown 125 32 30 31 39 2f 30 33 2f 31 32 2d 30 31 3a 30 37 3a 31 32 2e 37 31 35 20 33 37 30 30 20 52 65 75 73 69 6e 67 20 4d 41 4e 49 46 45 53 54 20 43 3a 5c 55 73 65 72 73 5c 47 75 63 63 69 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 4c 6f 77 5c 41 64 6f 62 65 5c 41 63 72 6f 43 65 66 5c 44 43 5c 41 63 72 6f 62 61 74 5c 43 61 63 68 65 2f 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 0a
2019/03/12-01:07:12.715 3700 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.
success or wait 1 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
unknown 47 32 30 31 39 2f 30 33 2f 31 32 2d 30 31 3a 30 37 3a 31 32 2e 37 34 37 20 33 37 30 30 20 52 65 63 6f 76 65 72 69 6e 67 20 6c 6f 67 20 23 33 0a
2019/03/12-01:07:12.747 3700 Recovering log #3.
success or wait 1 77761E4C NtWriteFile
File Moved
File Written
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
unknown 120 32 30 31 39 2f 30 33 2f 31 32 2d 30 31 3a 30 37 3a 31 32 2e 37 34 39 20 33 37 30 30 20 52 65 75 73 69 6e 67 20 6f 6c 64 20 6c 6f 67 20 43 3a 5c 55 73 65 72 73 5c 47 75 63 63 69 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 4c 6f 77 5c 41 64 6f 62 65 5c 41 63 72 6f 43 65 66 5c 44 43 5c 41 63 72 6f 62 61 74 5c 43 61 63 68 65 2f 30 30 30 30 30 33 2e 6c 6f 67 20 0a
2019/03/12-01:07:12.749 3700 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
success or wait 1 77761E4C NtWriteFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1
8192 296 e0 27 14 f0 28 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
.'..(.........................
..............................
..............................
..............................
..............................
..............................
..............................
..............................
...............
success or wait 1 77761E4C NtWriteFile
File Path Offset Length Completion Count Source Address Symbol
C:\Windows\System32\drivers\etc\hosts unknown 65536 success or wait 1 77761E4C NtReadFile
C:\Windows\System32\drivers\etc\hosts unknown 61440 end of file 1 77761E4C NtReadFile
C:\Windows\System32\drivers\etc\hosts unknown 65536 end of file 1 77761E4C NtReadFile
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm unknown 65536 success or wait 1 77761E4C NtReadFile
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm unknown 61440 end of file 1 77761E4C NtReadFile
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm unknown 65536 end of file 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links unknown 126976 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links unknown 4096 success or wait 1 77761E4C NtReadFile
\com.adobe.reader.rna.user.DC.0 unknown 4 success or wait 14 77761E4C NtReadFile
\com.adobe.reader.rna.user.DC.0 unknown 57 success or wait 35 77761E4C NtReadFile
\mojo.4408.4420.9103921679512718569 0 4096 pending 1 77761E4C NtReadFile
\mojo.4408.4420.18146416045136655641 0 4096 pending 1 77761E4C NtReadFile
\mojo.4408.3160.15297076308334769913 0 4096 pending 1 77761E4C NtReadFile
\mojo.4408.4420.1577160513789369015 0 4096 pending 1 77761E4C NtReadFile
\mojo.4408.4420.18146416045136655641 0 4096 pending 4 77761E4C NtReadFile
\mojo.4408.4420.18146416045136655641 0 4096 success or wait 5 77761E4C NtReadFile
\mojo.4408.4420.18146416045136655641 0 4096 pending 7 77761E4C NtReadFile
File Read
\mojo.4408.4420.18146416045136655641 0 4096 success or wait 6 77761E4C NtReadFile
\mojo.4408.4420.1577160513789369015 0 4096 pending 325 77761E4C NtReadFile
\mojo.4408.3160.14335536072284911387 0 4096 pending 1 77761E4C NtReadFile
\mojo.4408.4420.3133857706953506761 0 4096 pending 2 77761E4C NtReadFile
\mojo.4408.4420.3133857706953506761 0 4096 pending 263 77761E4C NtReadFile
\mojo.4408.4420.3133857706953506761 0 4096 success or wait 41 77761E4C NtReadFile
\mojo.4408.4420.3133857706953506761 0 4096 success or wait 202 77761E4C NtReadFile
\mojo.4408.4420.3133857706953506761 0 4096 pending 268 77761E4C NtReadFile
\mojo.4408.4420.1577160513789369015 0 4096 success or wait 121 77761E4C NtReadFile
\mojo.4408.4420.1577160513789369015 0 4096 pending 210 77761E4C NtReadFile
\mojo.4408.4420.1577160513789369015 0 4096 success or wait 38 77761E4C NtReadFile
\mojo.4408.4420.8084988854194497274 0 4096 pending 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\index.html unknown 4096 success or wait 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\index.html unknown 4096 end of file 2 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies 0 100 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies 0 4096 success or wait 1 77761E4C NtReadFile
\mojo.4408.4420.8084988854194497274 0 4096 success or wait 5 77761E4C NtReadFile
\mojo.4408.4420.8084988854194497274 0 4096 success or wait 9 77761E4C NtReadFile
\mojo.4408.4420.8084988854194497274 0 4096 pending 7 77761E4C NtReadFile
\mojo.4408.4420.8084988854194497274 0 4096 pending 8 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies 24 16 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies 8192 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies 4096 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies 24 16 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main.css
unknown 4096 success or wait 110 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main.css
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\init.js unknown 4096 success or wait 4 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\init.js unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\plugins.js unknown 4096 success or wait 12 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\plugins.js unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\base_uris.js unknown 4096 success or wait 4 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\base_uris.js unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\require.min.js
unknown 4096 success or wait 8 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\require.min.js
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index 0 4096 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index 0 524656 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0 0 8192 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0 0 8192 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1 0 8192 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2 0 8192 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3 0 8192 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1 8192 512 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\rna-main.js
unknown 4096 success or wait 1055 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\rna-main.js
unknown 4096 end of file 2 77761E4C NtReadFile
\mojo.4408.4420.609238194047190377 0 4096 pending 1 77761E4C NtReadFile
\mojo.4408.4420.15235616793323772576 0 4096 pending 1 77761E4C NtReadFile
\mojo.4408.4420.15235616793323772576 0 4096 pending 7 77761E4C NtReadFile
\mojo.4408.4420.15235616793323772576 0 4096 success or wait 6 77761E4C NtReadFile
\mojo.4408.4420.15235616793323772576 0 4096 pending 10 77761E4C NtReadFile
\mojo.4408.4420.15235616793323772576 0 4096 success or wait 6 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef.css
unknown 4096 success or wait 28 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef.css
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-ui-theme.css
unknown 4096 success or wait 6 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-ui-theme.css
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-win.css
unknown 4096 success or wait 4 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-win.css
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\config.js
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\config.js
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\desktop.js
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\desktop.js
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT unknown 8192 success or wait 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT unknown 8192 end of file 1 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\MANIFEST-000001 unknown 32768 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\main-selector.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\main-selector.css
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\000003.log unknown 32768 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\main-selector.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\main-selector.css
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\main.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\main.css
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\main.css
unknown 4096 success or wait 4 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\main.css
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\selector.js
unknown 4096 success or wait 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\selector.js
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\selector.js
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\selector.js
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\selector.js
unknown 4096 success or wait 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\selector.js
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\plugin.js
unknown 4096 success or wait 12 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\plugin.js
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\js\plugin.js
unknown 4096 success or wait 11 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\js\plugin.js
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\plugin.js
unknown 4096 success or wait 28 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\plugin.js
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\plugin.js
unknown 4096 success or wait 30 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\plugin.js
unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\css\main-selector.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\css\main-selector.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\css\main-selector.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\css\main-selector.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\main-selector.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\main-selector.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\css\main.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\css\main.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\css\main.css
unknown 4096 success or wait 3 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\css\main.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\main.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\main.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\selector.js
unknown 4096 success or wait 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\selector.js
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\selector.js
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\selector.js
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\selector.js
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\selector.js
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\plugin.js
unknown 4096 success or wait 3 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\plugin.js
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\plugin.js
unknown 4096 success or wait 84 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\plugin.js
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\plugin.js
unknown 4096 success or wait 4 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\plugin.js
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\css\plugin-selectors.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\css\plugin-selectors.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-selector.js
unknown 4096 success or wait 43 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-selector.js
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\home-selector.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\home-selector.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main-selector.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main-selector.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main-selector.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main-selector.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\css\main-selector.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\css\main-selector.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\main-selector.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\main-selector.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\css\main-selector.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\css\main-selector.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\home-view.css
unknown 4096 success or wait 5 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\home-view.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main.css
unknown 4096 success or wait 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\main.css
unknown 4096 success or wait 162 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\main.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\css\main.css
unknown 4096 success or wait 14 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\css\main.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\css\main.css
unknown 4096 success or wait 15 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\css\main.css
unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\css\main.css
unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\css\main.css
unknown 4096 end of file 1 77761E4C NtReadFile
File Path Offset Length Completion Count Source Address Symbol
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\selector.js unknown 4096 success or wait 5 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\selector.js unknown 4096 end of file 1 77761E4C NtReadFile
\mojo.4408.4420.5543168704672545056 0 4096 pending 1 77761E4C NtReadFile
\mojo.4408.4420.2402672155826790682 0 4096 pending 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\selector.js unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\selector.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\selector.js unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\selector.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\main-selector.css unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\main-selector.css unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\selector.js unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\selector.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\selector.js unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\selector.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\selector.js unknown 4096 success or wait 5 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\selector.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\selector.js unknown 4096 success or wait 5 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\selector.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\selector.js unknown 4096 success or wait 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\selector.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\plugin.js unknown 4096 success or wait 66 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\plugin.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\plugin.js unknown 4096 success or wait 75 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\plugin.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\plugin.js unknown 4096 success or wait 6 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\plugin.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\plugin.js unknown 4096 success or wait 15 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\plugin.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\plugin.js unknown 4096 success or wait 59 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\plugin.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\plugin.js unknown 4096 success or wait 70 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\plugin.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\plugin.js unknown 4096 success or wait 5 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\plugin.js unknown 4096 end of file 1 77761E4C NtReadFile
\mojo.4408.4420.2402672155826790682 0 4096 success or wait 21 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\css\main.css unknown 4096 success or wait 25 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\css\main.css unknown 4096 end of file 1 77761E4C NtReadFile
\mojo.4408.4420.2402672155826790682 0 4096 pending 14 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js unknown 4096 success or wait 96 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\selector.js unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\selector.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\selector.js unknown 4096 success or wait 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\selector.js unknown 4096 end of file 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons.png unknown 4096 success or wait 15 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons.png unknown 4096 end of file 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\rhp_world_icon.png unknown 4096 success or wait 1 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\rhp_world_icon.png unknown 4096 end of file 1 77761E4C NtReadFile
\mojo.4408.4420.2402672155826790682 0 4096 pending 14 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\spectrum_spinner.svg unknown 4096 success or wait 2 77761E4C NtReadFile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\spectrum_spinner.svg unknown 4096 end of file 1 77761E4C NtReadFile
\mojo.4408.3160.15297076308334769913 0 4096 pending 4 77761E4C NtReadFile
\com.adobe.reader.rna.user.DC.0 unknown 4 pipe broken 1 77761E4C NtReadFile
Analysis Process: RdrCEF.exe PID: 4036 Parent PID: 4408
General
Start time: 01:07:08
Start date: 12/03/2019
Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x8086 --gpu-device-id=0xbeef --gpu-driver-vendor='Google Inc.' --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --service-request-channel-token=FFA7521D795E3804FF05BD02D82FA356 --mojo-platform-channel-handle=1664 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Imagebase:
File size: 9805296 bytes
MD5 hash: C4531F5D235167293675FF6CE5472440
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
File Activities
File Read
File Path Offset Length Completion Count Source Address Symbol
\mojo.4408.4420.9103921679512718569 unknown 256 success or wait 1 77761E4C NtReadFile
\mojo.4408.4420.18146416045136655641 0 4096 success or wait 1 77761E4C NtReadFile
\mojo.4408.4420.18146416045136655641 0 4096 pending 11 77761E4C NtReadFile
\mojo.4408.4420.18146416045136655641 0 4096 pending 2 77761E4C NtReadFile
\mojo.4408.4420.18146416045136655641 0 4096 success or wait 6 77761E4C NtReadFile
\mojo.4408.4420.18146416045136655641 0 4096 success or wait 3 77761E4C NtReadFile
Analysis Process: RdrCEF.exe PID: 704 Parent PID: 4408
General
Start time: 01:07:09
Start date: 12/03/2019
Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3F4DB22DDF2BDAD7AAA56DA1FA3098C2 --lang=en-US --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3F4DB22DDF2BDAD7AAA56DA1FA3098C2 --renderer-client-id=2 --mojo-platform-channel-handle=1688 --allow-no-sandbox-job /prefetch:1
Imagebase:
File size: 9805296 bytes
MD5 hash: C4531F5D235167293675FF6CE5472440
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
File Activities
File Read
File Path Offset Length Completion Count Source Address Symbol
\mojo.4408.3160.15297076308334769913 unknown 256 success or wait 1 77761E4C NtReadFile
\mojo.4408.4420.1577160513789369015 0 4096 success or wait 1 77761E4C NtReadFile
\mojo.4408.4420.1577160513789369015 0 4096 success or wait 62 77761E4C NtReadFile
\mojo.4408.4420.1577160513789369015 0 4096 pending 99 77761E4C NtReadFile
\mojo.4408.4420.1577160513789369015 0 4096 pending 534 77761E4C NtReadFile
\mojo.4408.4420.1577160513789369015 0 4096 success or wait 53 77761E4C NtReadFile
\mojo.4408.3160.15297076308334769913 unknown 256 success or wait 1 77761E4C NtReadFile
\mojo.4408.3160.15297076308334769913 unknown 256 pending 1 77761E4C NtReadFile
\mojo.4408.3160.15297076308334769913 unknown 256 pending 2 77761E4C NtReadFile
Analysis Process: RdrCEF.exe PID: 4448 Parent PID: 4408
General
Start time: 01:07:09
Start date: 12/03/2019
Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=38EA98890F0A7C481CB832DA21BA7CBE --lang=en-US --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=38EA98890F0A7C481CB832DA21BA7CBE --renderer-client-id=4 --mojo-platform-channel-handle=1996 --allow-no-sandbox-job /prefetch:1
Imagebase:
File size: 9805296 bytes
MD5 hash: C4531F5D235167293675FF6CE5472440
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
File Activities
File Read
File Path Offset Length Completion Count Source Address Symbol
\mojo.4408.3160.14335536072284911387 unknown 256 success or wait 1 77761E4C NtReadFile
\mojo.4408.4420.3133857706953506761 0 4096 success or wait 1 77761E4C NtReadFile
\mojo.4408.4420.3133857706953506761 0 4096 success or wait 87 77761E4C NtReadFile
\mojo.4408.4420.3133857706953506761 0 4096 pending 96 77761E4C NtReadFile
\mojo.4408.4420.3133857706953506761 0 4096 pending 494 77761E4C NtReadFile
\mojo.4408.4420.3133857706953506761 0 4096 success or wait 60 77761E4C NtReadFile
Analysis Process: RdrCEF.exe PID: 5196 Parent PID: 4408
General
Start time: 01:07:10
Start date: 12/03/2019
Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x8086 --gpu-device-id=0xbeef --gpu-driver-vendor='Google Inc.' --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --service-request-channel-token=C6B8DE71D474DFAEDF782A78DB74CB19 --mojo-platform-channel-handle=2008 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Imagebase:
File size: 9805296 bytes
MD5 hash: C4531F5D235167293675FF6CE5472440
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
File Activities
File Read
File Path Offset Length Completion Count Source Address Symbol
\mojo.4408.4420.14329260722199354559 unknown 256 success or wait 1 77761E4C NtReadFile
\mojo.4408.4420.8084988854194497274 0 4096 success or wait 1 77761E4C NtReadFile
\mojo.4408.4420.8084988854194497274 0 4096 pending 11 77761E4C NtReadFile
\mojo.4408.4420.8084988854194497274 0 4096 success or wait 4 77761E4C NtReadFile
\mojo.4408.4420.8084988854194497274 0 4096 success or wait 6 77761E4C NtReadFile
\mojo.4408.4420.8084988854194497274 0 4096 pending 10 77761E4C NtReadFile
Analysis Process: RdrCEF.exe PID: 5328 Parent PID: 4408
General
Start time: 01:07:11
Start date: 12/03/2019
Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x8086 --gpu-device-id=0xbeef --gpu-driver-vendor='Google Inc.' --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --service-request-channel-token=386DCD2592ACCE2DC4D0A17AC5491DFB --mojo-platform-channel-handle=2008 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Imagebase:
File size: 9805296 bytes
MD5 hash: C4531F5D235167293675FF6CE5472440
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
Analysis Process: RdrCEF.exe PID: 5432 Parent PID: 4408
General
Start time: 01:07:12
Start date: 12/03/2019
Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x8086 --gpu-device-id=0xbeef --gpu-driver-vendor='Google Inc.' --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.8.20080 Chrome/64.0.3282.119' --service-request-channel-token=1D13F00E7C8D7773A02D86A9A59E19E0 --mojo-platform-channel-handle=2456 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Imagebase:
File size: 9805296 bytes
MD5 hash: C4531F5D235167293675FF6CE5472440
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
Analysis Process: AdobeARM.exe PID: 5780 Parent PID: 4700
General
Start time: 01:07:36
Start date: 12/03/2019
Path: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe' /PRODUCT:Reader /VERSION:19.0 /MODE:3
Imagebase:
File size: 1190424 bytes
MD5 hash: BD7AE0AFFBB3A6FD52D956A5694C8073
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
Analysis Process: iexplore.exe PID: 5832 Parent PID: 4700
General
Start time: 01:07:44
Start date: 12/03/2019
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.brillianceautobody.com/*%26%5E%25
Imagebase:
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: high
Analysis Process: iexplore.exe PID: 5880 Parent PID: 5832
General
Start time: 01:07:44
Start date: 12/03/2019
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5832 CREDAT:17410 /prefetch:2
Imagebase:
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: high
Analysis Process: AdobeARM.exe PID: 5496 Parent PID: 5780
General
Start time: 01:11:37
Start date: 12/03/2019
Path: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Wow64 process (32bit):
Commandline: unknown
Imagebase:
File size: 1190424 bytes
MD5 hash: BD7AE0AFFBB3A6FD52D956A5694C8073
Has administrator privileges:
Programmed in: C, C++ or other language
Reputation: moderate
Disassembly