Edit tour

Windows Analysis Report
https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF

Overview

General Information

Sample URL:	https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20
Analysis ID:	1578944
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

HTML body contains low number of good links

HTML body contains password input but no form action

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2392,i,15836406770245707737,10617773760925434663,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTA" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTA

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: chromecache_134.2.dr

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_44fee207-7

Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac...

HTTP Parser: Number of links: 0

HTTP Parser: <input type="password" .../> found but no <form action="...

HTTP Parser: <input type="password" .../> found

Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac	HTTP Parser: No <meta name="author".. found
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac	HTTP Parser: No <meta name="author".. found
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac	HTTP Parser: No <meta name="author".. found

Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac...	HTTP Parser: No <meta name="copyright".. found
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac...	HTTP Parser: No <meta name="copyright".. found
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac...	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 40.81.94.65
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /api/4507022599913472/envelope/?sentry_key=a70bff58cd4048f9e05163230edfd1bd&sentry_version=7 HTTP/1.1Host: o4505393339695104.ingest.us.sentry.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/4507022599913472/envelope/?sentry_key=a70bff58cd4048f9e05163230edfd1bd&sentry_version=7 HTTP/1.1Host: o4505393339695104.ingest.us.sentry.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1734707728386 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://auth.services.adobe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jslibver%2522%253A%2522v2-v0.45.0-8-gd14e654%2522%252C%2522nonce%2522%253A%25222201031935201327%2522%257D%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=dc-prod-virgoweb&scope=AdobeID%2Copenid%2CDCAPI%2Cadditional_info.account_type%2Cadditional_info.optionalAgreements%2Cagreement_sign%2Cagreement_send%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_library_read%2Csign_user_login%2Csao.ACOM_ESIGN_TRIAL%2Cee.dcweb%2Ctk_platform%2Ctk_platform_sync%2Cab.manage%2Cadditional_info.incomplete%2Cadditional_info.creation_source%2Cadditional_info.roles%2Cpps.read%2Cupdate_profile.first_name%2Cupdate_profile.last_name&state=%7B%22ac%22%3A%22adobe.com_acrobatweb_login%22%2C%22jslibver%22%3A%22v2-v0.45.0-8-gd14e654%22%2C%22nonce%22%3A%222201031935201327%22%7D&relay=d6238d33-73de-4c21-b7d5-f7941e485669&locale=en_US&flow_type=token&dctx_id=v%3A2%2Cs%2Cb38599b0-4f50-11ef-a6a9-f5e067928861&idp_flow_type=login&s_p=google%2Cfacebook%2Capple%2Cmicrosoft%2Cline%2Ckakao&check_pba=true&response_type=token&code_challenge_method=plain&redirect_uri=https%3A%2F%2Facrobat.adobe.com%2Fid%2Furn%3Aaaid%3Asc%3AVA6C2%3Ae98024ff-74df-4e67-b2df-05f45981789e%23old_h
Source: global traffic	HTTP traffic detected: GET /id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1734707728386 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://auth.services.adobe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jslibver%2522%253A%2522v2-v0.45.0-8-gd14e654%2522%252C%2522nonce%2522%253A%25222201031935201327%2522%257D%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=dc-prod-virgoweb&scope=AdobeID%2Copenid%2CDCAPI%2Cadditional_info.account_type%2Cadditional_info.optionalAgreements%2Cagreement_sign%2Cagreement_send%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_library_read%2Csign_user_login%2Csao.ACOM_ESIGN_TRIAL%2Cee.dcweb%2Ctk_platform%2Ctk_platform_sync%2Cab.manage%2Cadditional_info.incomplete%2Cadditional_info.creation_source%2Cadditional_info.roles%2Cpps.read%2Cupdate_profile.first_name%2Cupdate_profile.last_name&state=%7B%22ac%22%3A%22adobe.com_acrobatweb_login%22%2C%22jslibver%22%3A%22v2-v0.45.0-8-gd14e654%22%2C%22nonce%22%3A%222201031935201327%22%7D&relay=d6238d33-73de-4c21-b7d5-f7941e485669&locale=en_US&flow_type=token&dctx_id=v%3A2%2Cs%2Cb38599b0-4f50-11ef-a6a9-f5e067928861&idp_flow_type=login&s_p=google%2Cfacebook%2Capple%2Cmicrosoft%2Cline%2Ckakao&check_pba=true&response_type=token&code_challenge_method=plain&redirect_uri=https%3A%2F%2Facrobat.adobe.com%2Fid%2Furn%3Aaaid%3Asc%3AVA6C2%3Ae98024ff-74df-4e67-b2df-05f45981789e%23ol
Source: global traffic	HTTP traffic detected: GET /id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1734707728386 HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=60420686105728287693702795574588267304
Source: global traffic	HTTP traffic detected: GET /v2/430FF2C3-1AB1-40B7-8BE7-44FC683FE02C/api.js HTTP/1.1Host: adobe-api.arkoselabs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jslibver%2522%253A%2522v2-v0.45.0-8-gd14e654%2522%252C%2522nonce%2522%253A%25222201031935201327%2522%257D%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=dc-prod-virgoweb&scope=AdobeID%2Copenid%2CDCAPI%2Cadditional_info.account_type%2Cadditional_info.optionalAgreements%2Cagreement_sign%2Cagreement_send%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_library_read%2Csign_user_login%2Csao.ACOM_ESIGN_TRIAL%2Cee.dcweb%2Ctk_platform%2Ctk_platform_sync%2Cab.manage%2Cadditional_info.incomplete%2Cadditional_info.creation_source%2Cadditional_info.roles%2Cpps.read%2Cupdate_profile.first_name%2Cupdate_profile.last_name&state=%7B%22ac%22%3A%22adobe.com_acrobatweb_login%22%2C%22jslibver%22%3A%22v2-v0.45.0-8-gd14e654%22%2C%22nonce%22%3A%222201031935201327%22%7D&relay=d6238d33-73de-4c21-b7d5-f7941e485669&locale=en_US&flow_type=token&dctx_id=v%3A2%2Cs%2Cb38599b0-4f50-11ef-a6a9-f5e067928861&idp_flow_type=login&s_p=google%2Cfacebook%2Capple%2Cmicrosoft%2Cline%2Ckakao&check_pba=true&response_type=token&code_challenge_method=plain&redirect_uri=https%3A%2F%2Facrobat.adobe.com%2Fid%2Furn%3Aaaid%3Asc%3AVA6C2%3Ae98024ff-74df-4e67-b2df-05f45981789e%23old_hash%3D%26from_ims%3Dtrue%3Fclient_id%3Ddc-prod-virgoweb%26api%3Dauthorize%26scope%3DAdobeID%2Copenid%2CDCAPI%2Cadditional_info.account_type%2Cadditional_info.optionalA
Source: global traffic	HTTP traffic detected: GET /v2/430FF2C3-1AB1-40B7-8BE7-44FC683FE02C/api.js HTTP/1.1Host: adobe-api.arkoselabs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _cfuvid=2Tcy_EqLJ0qhYnviOGCTm_1P9sZBMu9.hAx5FSqz2z4-1717104076479-0.0.1.1-604800000

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: adobe.tt.omtrdc.net
Source: global traffic	DNS traffic detected: DNS query: widget.uservoice.com
Source: global traffic	DNS traffic detected: DNS query: use.typekit.net
Source: global traffic	DNS traffic detected: DNS query: static.adobelogin.com
Source: global traffic	DNS traffic detected: DNS query: prod.adobeccstatic.com
Source: global traffic	DNS traffic detected: DNS query: p.typekit.net
Source: global traffic	DNS traffic detected: DNS query: l.betrad.com
Source: global traffic	DNS traffic detected: DNS query: ims-na1.adobelogin.com
Source: global traffic	DNS traffic detected: DNS query: files-download2.acrocomcontent.com
Source: global traffic	DNS traffic detected: DNS query: dc-api-v2.adobecontent.io
Source: global traffic	DNS traffic detected: DNS query: dc-api.adobecontent.io
Source: global traffic	DNS traffic detected: DNS query: c.evidon.com
Source: global traffic	DNS traffic detected: DNS query: by2.uservoice.com
Source: global traffic	DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic	DNS traffic detected: DNS query: api.echosign.com
Source: global traffic	DNS traffic detected: DNS query: cdn-sharing.adobecc.com
Source: global traffic	DNS traffic detected: DNS query: o4505393339695104.ingest.us.sentry.io
Source: global traffic	DNS traffic detected: DNS query: dpm.demdex.net
Source: global traffic	DNS traffic detected: DNS query: adobe-api.arkoselabs.com

Source: unknown

HTTP traffic detected: POST /api/4507022599913472/envelope/?sentry_key=a70bff58cd4048f9e05163230edfd1bd&sentry_version=7 HTTP/1.1Host: o4505393339695104.ingest.us.sentry.ioConnection: keep-aliveContent-Length: 578sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://acrobat.adobe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://acrobat.adobe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Fri, 20 Dec 2024 15:15:20 GMTContent-Type: text/htmlContent-Length: 548Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadVia: 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Fri, 20 Dec 2024 15:15:23 GMTContent-Type: text/htmlContent-Length: 548Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadVia: 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close

Source: chromecache_134.2.dr, chromecache_155.2.dr	String found in binary or memory: http://iso.org/pdf/ssn
Source: chromecache_134.2.dr, chromecache_155.2.dr	String found in binary or memory: http://iso.org/pdf2/ssn
Source: chromecache_251.2.dr, chromecache_192.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000176ff
Source: chromecache_251.2.dr, chromecache_192.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017701
Source: chromecache_251.2.dr, chromecache_192.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017703
Source: chromecache_173.2.dr	String found in binary or memory: https://github.com/WebReflection/url-search-params/blob/master/README.md#ios-10--other-platforms-bug
Source: chromecache_217.2.dr	String found in binary or memory: https://ims-na1.adobelogin.com/
Source: chromecache_251.2.dr, chromecache_192.2.dr	String found in binary or memory: https://p.typekit.net/p.gif
Source: chromecache_156.2.dr, chromecache_146.2.dr	String found in binary or memory: https://sso.behance.net/ims
Source: chromecache_251.2.dr, chromecache_192.2.dr	String found in binary or memory: https://use.typekit.net/af/40207f/0000000000000000000176ff/27/
Source: chromecache_251.2.dr, chromecache_192.2.dr	String found in binary or memory: https://use.typekit.net/af/cb695f/000000000000000000017701/27/
Source: chromecache_251.2.dr, chromecache_192.2.dr	String found in binary or memory: https://use.typekit.net/af/eaf09c/000000000000000000017703/27/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943

Source: classification engine

Classification label: mal48.win@17/214@50/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2392,i,15836406770245707737,10617773760925434663,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTA"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2392,i,15836406770245707737,10617773760925434663,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTA	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Name	IP	Active	Malicious	Reputation
dd20fzx9mj46f.cloudfront.net	13.227.8.105	true	false	unknown
privacycollector-production-457481513.us-east-1.elb.amazonaws.com	52.7.27.64	true	false	high
widget.uservoice.com	104.18.21.58	true	false	high
api.echosign.com	3.236.206.93	true	false	high
d2w650xp5tniea.cloudfront.net	18.161.97.96	true	false	unknown
cdn-sharing.adobecc.map.fastly.net	151.101.1.138	true	false	high
adobetarget.data.adobedc.net	66.235.152.225	true	false	high
o4505393339695104.ingest.us.sentry.io	34.120.195.249	true	false	high
adobe.com.ssl.d1.sc.omtrdc.net	63.140.62.222	true	false	high
www.google.com	142.250.181.132	true	false	high
by2.uservoice.com	104.18.21.58	true	false	high
prod.adobeccstatic.com	3.160.196.35	true	false	high
dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com	52.212.200.255	true	false	high
use.typekit.net	unknown	unknown	false	high
c.evidon.com	unknown	unknown	false	high
adobe-api.arkoselabs.com	unknown	unknown	false	high
ims-na1.adobelogin.com	unknown	unknown	false	high
assets.adobedtm.com	unknown	unknown	false	high
l.betrad.com	unknown	unknown	false	high
dc-api-v2.adobecontent.io	unknown	unknown	false	high
p.typekit.net	unknown	unknown	false	high
dc-api.adobecontent.io	unknown	unknown	false	high
adobe.tt.omtrdc.net	unknown	unknown	false	high
cdn-sharing.adobecc.com	unknown	unknown	false	high
dpm.demdex.net	unknown	unknown	false	high
static.adobelogin.com	unknown	unknown	false	high
files-download2.acrocomcontent.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1734707728386	false	high
https://dpm.demdex.net/id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1734707728386	false	high
https://o4505393339695104.ingest.us.sentry.io/api/4507022599913472/envelope/?sentry_key=a70bff58cd4048f9e05163230edfd1bd&sentry_version=7	false	high
https://adobe-api.arkoselabs.com/v2/430FF2C3-1AB1-40B7-8BE7-44FC683FE02C/api.js	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://sso.behance.net/ims	chromecache_156.2.dr, chromecache_146.2.dr	false	high
https://p.typekit.net/p.gif	chromecache_251.2.dr, chromecache_192.2.dr	false	high
http://typekit.com/eulas/0000000000000000000176ff	chromecache_251.2.dr, chromecache_192.2.dr	false	high
https://use.typekit.net/af/eaf09c/000000000000000000017703/27/	chromecache_251.2.dr, chromecache_192.2.dr	false	high
http://typekit.com/eulas/000000000000000000017701	chromecache_251.2.dr, chromecache_192.2.dr	false	high
http://typekit.com/eulas/000000000000000000017703	chromecache_251.2.dr, chromecache_192.2.dr	false	high
https://use.typekit.net/af/40207f/0000000000000000000176ff/27/	chromecache_251.2.dr, chromecache_192.2.dr	false	high
https://github.com/WebReflection/url-search-params/blob/master/README.md#ios-10--other-platforms-bug	chromecache_173.2.dr	false	high
http://iso.org/pdf2/ssn	chromecache_134.2.dr, chromecache_155.2.dr	false	high
https://ims-na1.adobelogin.com/	chromecache_217.2.dr	false	high
http://iso.org/pdf/ssn	chromecache_134.2.dr, chromecache_155.2.dr	false	high
https://use.typekit.net/af/cb695f/000000000000000000017701/27/	chromecache_251.2.dr, chromecache_192.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.236.206.93	api.echosign.com	United States	14618	AMAZON-AESUS	false
151.101.1.138	cdn-sharing.adobecc.map.fastly.net	United States	54113	FASTLYUS	false
13.227.8.105	dd20fzx9mj46f.cloudfront.net	United States	16509	AMAZON-02US	false
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
66.235.152.225	adobetarget.data.adobedc.net	United States	15224	OMNITUREUS	false
3.160.196.35	prod.adobeccstatic.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.161.97.37	unknown	United States	3	MIT-GATEWAYSUS	false
52.214.247.153	unknown	United States	16509	AMAZON-02US	false
18.161.97.96	d2w650xp5tniea.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
34.120.195.249	o4505393339695104.ingest.us.sentry.io	United States	15169	GOOGLEUS	false
52.212.200.255	dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.8
192.168.2.7

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578944
Start date and time:	2024-12-20 16:13:45 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTA
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/214@50/14
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.208.227, 172.217.17.78, 64.233.164.84, 172.217.17.46, 142.250.181.142, 54.213.100.3, 54.149.185.244, 52.25.67.122, 142.250.200.206, 2.20.68.84, 2.20.68.74, 2.16.149.15, 2.16.149.10, 104.18.32.195, 172.64.155.61, 23.32.238.177, 23.32.238.227, 23.32.239.80, 23.32.239.35, 3.230.130.186, 34.197.224.31, 23.32.239.67, 23.32.239.51, 54.224.241.105, 34.237.241.83, 18.213.11.84, 50.16.47.176, 172.66.0.163, 162.159.140.165, 52.6.155.20, 52.22.41.97, 3.233.129.217, 3.219.243.226, 18.176.50.42, 52.197.172.142, 34.252.184.159, 52.48.8.54, 52.31.218.129, 34.199.101.34, 44.198.154.229, 23.218.208.236, 34.193.10.69, 3.223.178.5, 34.225.117.103, 34.199.7.23, 3.227.66.116, 44.206.80.17, 95.101.110.66, 95.101.110.35, 199.232.210.172, 104.18.32.77, 172.64.155.179, 104.86.110.178, 104.86.110.177, 104.86.110.147, 104.86.110.171, 104.86.110.153, 104.86.110.169, 104.86.110.155, 104.86.110.163, 104.86.110.160, 142.250.201.46, 172.217.17.42, 172.217.19.202, 172.217.19.10, 142.250.181.74
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTA

Input	Output
URL: https://postoffice.adobe.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://postoffice.adobe.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1395
Entropy (8bit):	5.208290651600866
Encrypted:	false
SSDEEP:	24:tsWIKcRjJhKjY5AV8LVM3xjMAQilUK4clMMAk2iIlXQLxGMA9boilT7OQw/acW/E:fITjVKVUYpQvK47PBOm9cs3wSTW8m
MD5:	02AC94A5A07350ADB0D698C5064D4E1B
SHA1:	CD1777F9A9FC8C7D764C6538F8A0610B6E9F2829
SHA-256:	52CFE86EC6730241C530C5617099657F9B7561994CD257E50ACA4E60737851FD
SHA-512:	90D090E2A4DC7951DBA3526E625DB0C96DA913E18E91867A51D1CAB21CC63F4B93DC3CBF1ECE258549EAB10C8E1E6F66A37427C49E51537CE64CCA907AE5EABE
Malicious:	false
Reputation:	low
URL:	https://auth.services.adobe.com/img/social/sml-google-logo.svg
Preview:	<svg id="Button_-_Google" data-name="Button - Google" xmlns="http://www.w3.org/2000/svg" width="50" height="50" viewBox="0 0 50 50">. <rect id="Background" width="50" height="50" rx="25" fill="#fff"/>. <g id="Group_69890" data-name="Group 69890" transform="translate(13 10.771)">. <g id="logo_googleg_48dp" transform="translate(0 2.228)">. <path id="Shape" d="M20.52,9.818A13.788,13.788,0,0,0,20.3,7.364H9v4.642h6.458a5.52,5.52,0,0,1-2.395,3.622v3.011h3.878a11.7,11.7,0,0,0,3.578-8.82Z" transform="translate(3 2.455)" fill="#4285f4" fill-rule="evenodd"/>. <path id="Shape-2" data-name="Shape" d="M11.681,20.43a11.456,11.456,0,0,0,7.942-2.907l-3.878-3.011a7.24,7.24,0,0,1-10.778-3.8H.957v3.109A12,12,0,0,0,11.681,20.43Z" transform="translate(0.319 3.57)" fill="#34a853" fill-rule="evenodd"/>. <path id="Shape-3" data-name="Shape" d="M5.285,12.627a7.094,7.094,0,0,1,0-4.56V4.958H1.276a12.015,12.015,0,0,0,0,10.778l4.009-3.109Z" transform="translate(0 1.653)" fill="#fbbc05" fill-rul

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 16:14:41.836297989 CET	53	57069	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:41.859184027 CET	53	64451	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:44.635541916 CET	53	53900	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:45.786902905 CET	51127	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:45.787158966 CET	63264	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:45.926117897 CET	53	51127	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:45.928426981 CET	53	63264	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:47.666368008 CET	123	123	192.168.2.7	40.81.94.65
Dec 20, 2024 16:14:47.868432999 CET	53	51980	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:48.252880096 CET	123	123	40.81.94.65	192.168.2.7
Dec 20, 2024 16:14:52.669121027 CET	60738	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:52.669610977 CET	54531	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:52.909187078 CET	53	60738	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:52.964693069 CET	52913	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:52.965133905 CET	61362	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:52.967405081 CET	59492	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:52.967649937 CET	58726	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.025871038 CET	53	54531	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.103868008 CET	56452	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.104208946 CET	59589	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.104629040 CET	53	52913	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.104981899 CET	53	61362	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.147572994 CET	59409	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.147893906 CET	59336	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.285919905 CET	53	59336	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.449862957 CET	53	59100	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.472270012 CET	53	59409	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.475588083 CET	54860	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.475812912 CET	51188	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.588319063 CET	53	56452	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.641916037 CET	53	59589	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.646599054 CET	50270	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.647030115 CET	59447	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.657599926 CET	55669	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.657766104 CET	61148	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.714405060 CET	53	55985	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.783700943 CET	53	54719	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.857032061 CET	65334	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.857259989 CET	59935	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.862927914 CET	58593	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.863121986 CET	60725	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.932563066 CET	53	50270	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.932849884 CET	53	59447	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:53.934905052 CET	64939	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:53.935323000 CET	61254	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:54.143285990 CET	53	60725	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:54.200297117 CET	53	61254	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:54.305829048 CET	53	55995	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:54.358134031 CET	53	54190	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:54.359081030 CET	57339	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:54.359275103 CET	50107	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:54.420063019 CET	61752	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:54.420202017 CET	52538	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:54.448141098 CET	53063	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:54.448386908 CET	61702	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:54.491807938 CET	53	55209	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:54.560432911 CET	53	61752	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:54.562566996 CET	53	52538	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:54.563674927 CET	59939	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:54.563858032 CET	58727	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:54.772306919 CET	53	59939	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:54.792305946 CET	53	58727	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:54.793371916 CET	50877	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:54.793541908 CET	65486	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:14:55.166341066 CET	53	50877	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:55.167233944 CET	53	65486	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:55.179073095 CET	53	49967	1.1.1.1	192.168.2.7
Dec 20, 2024 16:14:59.891263008 CET	53	52724	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:01.790919065 CET	53	56202	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:15.866175890 CET	64718	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:15.866339922 CET	58855	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:16.236068964 CET	58311	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:16.236222982 CET	62876	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:16.381623030 CET	53	62876	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:16.464394093 CET	53	58311	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:18.499655962 CET	56228	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:18.499845028 CET	54985	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:18.637667894 CET	53	56228	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:18.638679981 CET	53	54985	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:20.613218069 CET	53	55235	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:29.185883999 CET	59597	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:29.186033964 CET	55268	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:29.322948933 CET	53	59597	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:29.324830055 CET	53	55268	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:29.495589018 CET	53	63411	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:31.533751965 CET	64469	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:31.534239054 CET	55920	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:31.536786079 CET	53	61697	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:32.764687061 CET	53	65336	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:33.408648014 CET	53011	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:33.408795118 CET	54924	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:33.545934916 CET	53	53011	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:33.545950890 CET	53	54924	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:35.287534952 CET	53	58568	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:39.367111921 CET	58775	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:39.367472887 CET	62752	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:39.666364908 CET	53	62752	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:39.674527884 CET	53	58775	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:41.519378901 CET	53	54810	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:41.778273106 CET	138	138	192.168.2.7	192.168.2.255
Dec 20, 2024 16:15:42.216396093 CET	49480	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:42.216547012 CET	59092	53	192.168.2.7	1.1.1.1
Dec 20, 2024 16:15:42.361320972 CET	53	49480	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:42.361355066 CET	53	59092	1.1.1.1	192.168.2.7
Dec 20, 2024 16:15:43.433660984 CET	53	56966	1.1.1.1	192.168.2.7
Dec 20, 2024 16:16:03.087225914 CET	53	53742	1.1.1.1	192.168.2.7

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 20, 2024 16:14:53.025957108 CET	192.168.2.7	1.1.1.1	c257	(Port unreachable)	Destination Unreachable
Dec 20, 2024 16:14:53.716366053 CET	192.168.2.7	1.1.1.1	c23b	(Port unreachable)	Destination Unreachable
Dec 20, 2024 16:14:55.285145998 CET	192.168.2.7	1.1.1.1	c282	(Port unreachable)	Destination Unreachable
Dec 20, 2024 16:15:36.033361912 CET	192.168.2.7	1.1.1.1	c250	(Port unreachable)	Destination Unreachable
Dec 20, 2024 16:15:55.519939899 CET	192.168.2.7	1.1.1.1	c250	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-12-20 15:15:06 UTC	123	IN	HTTP/1.1 408 Request Time-out Content-length: 110 Cache-Control: no-cache Connection: close Content-Type: text/html
2024-12-20 15:15:06 UTC	110	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>

Timestamp	Bytes transferred	Direction	Data
2024-12-20 15:15:17 UTC	722	OUT	POST /api/4507022599913472/envelope/?sentry_key=a70bff58cd4048f9e05163230edfd1bd&sentry_version=7 HTTP/1.1 Host: o4505393339695104.ingest.us.sentry.io Connection: keep-alive Content-Length: 578 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://acrobat.adobe.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://acrobat.adobe.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 15:15:17 UTC	578	OUT	Data Raw: 7b 22 73 65 6e 74 5f 61 74 22 3a 22 32 30 32 34 2d 31 32 2d 32 30 54 31 35 3a 31 35 3a 31 35 2e 34 33 36 5a 22 2c 22 73 64 6b 22 3a 7b 22 6e 61 6d 65 22 3a 22 73 65 6e 74 72 79 2e 6a 61 76 61 73 63 72 69 70 74 2e 62 72 6f 77 73 65 72 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 37 2e 31 31 38 2e 30 22 7d 2c 22 64 73 6e 22 3a 22 68 74 74 70 73 3a 2f 2f 61 37 30 62 66 66 35 38 63 64 34 30 34 38 66 39 65 30 35 31 36 33 32 33 30 65 64 66 64 31 62 64 40 6f 34 35 30 35 33 39 33 33 33 39 36 39 35 31 30 34 2e 69 6e 67 65 73 74 2e 75 73 2e 73 65 6e 74 72 79 2e 69 6f 2f 34 35 30 37 30 32 32 35 39 39 39 31 33 34 37 32 22 7d 0a 7b 22 74 79 70 65 22 3a 22 73 65 73 73 69 6f 6e 22 7d 0a 7b 22 73 69 64 22 3a 22 31 62 30 35 34 32 62 34 35 63 38 61 34 35 64 33 62 39 64 31 31 64 Data Ascii: {"sent_at":"2024-12-20T15:15:15.436Z","sdk":{"name":"sentry.javascript.browser","version":"7.118.0"},"dsn":"https://a70bff58cd4048f9e05163230edfd1bd@o4505393339695104.ingest.us.sentry.io/4507022599913472"}{"type":"session"}{"sid":"1b0542b45c8a45d3b9d11d
2024-12-20 15:15:18 UTC	530	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Dec 2024 15:15:18 GMT Content-Type: application/json vary: origin, access-control-request-method, access-control-request-headers access-control-allow-origin: * access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after cross-origin-resource-policy: cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-12-20 15:15:18 UTC	12	IN	Data Raw: 32 0d 0a 7b 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2{}0

Timestamp	Bytes transferred	Direction	Data
2024-12-20 15:15:19 UTC	452	OUT	GET /api/4507022599913472/envelope/?sentry_key=a70bff58cd4048f9e05163230edfd1bd&sentry_version=7 HTTP/1.1 Host: o4505393339695104.ingest.us.sentry.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 15:15:20 UTC	290	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 20 Dec 2024 15:15:20 GMT Content-Type: text/html Content-Length: 548 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-20 15:15:20 UTC	548	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Timestamp	Bytes transferred	Direction	Data
2024-12-20 15:15:21 UTC	722	OUT	POST /api/4507022599913472/envelope/?sentry_key=a70bff58cd4048f9e05163230edfd1bd&sentry_version=7 HTTP/1.1 Host: o4505393339695104.ingest.us.sentry.io Connection: keep-alive Content-Length: 711 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://acrobat.adobe.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://acrobat.adobe.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 15:15:21 UTC	711	OUT	Data Raw: 7b 22 73 65 6e 74 5f 61 74 22 3a 22 32 30 32 34 2d 31 32 2d 32 30 54 31 35 3a 31 35 3a 31 39 2e 32 30 32 5a 22 2c 22 64 73 6e 22 3a 22 68 74 74 70 73 3a 2f 2f 61 37 30 62 66 66 35 38 63 64 34 30 34 38 66 39 65 30 35 31 36 33 32 33 30 65 64 66 64 31 62 64 40 6f 34 35 30 35 33 39 33 33 33 39 36 39 35 31 30 34 2e 69 6e 67 65 73 74 2e 75 73 2e 73 65 6e 74 72 79 2e 69 6f 2f 34 35 30 37 30 32 32 35 39 39 39 31 33 34 37 32 22 7d 0a 7b 22 74 79 70 65 22 3a 22 73 70 61 6e 22 7d 0a 7b 22 64 61 74 61 22 3a 7b 22 73 65 6e 74 72 79 2e 6f 72 69 67 69 6e 22 3a 22 6d 61 6e 75 61 6c 22 2c 22 73 65 6e 74 72 79 2e 6f 70 22 3a 22 75 69 2e 69 6e 74 65 72 61 63 74 69 6f 6e 2e 63 6c 69 63 6b 22 2c 22 72 65 6c 65 61 73 65 22 3a 22 64 63 2d 77 65 62 2d 61 70 70 40 33 2e 36 30 2e Data Ascii: {"sent_at":"2024-12-20T15:15:19.202Z","dsn":"https://a70bff58cd4048f9e05163230edfd1bd@o4505393339695104.ingest.us.sentry.io/4507022599913472"}{"type":"span"}{"data":{"sentry.origin":"manual","sentry.op":"ui.interaction.click","release":"dc-web-app@3.60.
2024-12-20 15:15:21 UTC	530	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Dec 2024 15:15:21 GMT Content-Type: application/json vary: origin, access-control-request-method, access-control-request-headers access-control-allow-origin: * access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after cross-origin-resource-policy: cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-12-20 15:15:21 UTC	12	IN	Data Raw: 32 0d 0a 7b 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2{}0

Timestamp	Bytes transferred	Direction	Data
2024-12-20 15:15:23 UTC	452	OUT	GET /api/4507022599913472/envelope/?sentry_key=a70bff58cd4048f9e05163230edfd1bd&sentry_version=7 HTTP/1.1 Host: o4505393339695104.ingest.us.sentry.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 15:15:23 UTC	290	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 20 Dec 2024 15:15:23 GMT Content-Type: text/html Content-Length: 548 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-20 15:15:23 UTC	548	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Timestamp	Bytes transferred	Direction	Data
2024-12-20 15:15:30 UTC	3729	OUT	GET /id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1734707728386 HTTP/1.1 Host: dpm.demdex.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://auth.services.adobe.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%25 [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 15:15:31 UTC	958	IN	HTTP/1.1 302 Found Date: Fri, 20 Dec 2024 15:15:31 GMT Content-Length: 0 Connection: close X-TID: 5iHoKNGkTqI= Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 UTC P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin: https://auth.services.adobe.com Vary: Origin Access-Control-Allow-Credentials: true Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1734707728386 DCS: dcs-prod-irl1-2-v069-0a04df6f3.edge-irl1.demdex.com 0 ms set-cookie: demdex=60420686105728287693702795574588267304; Max-Age=15552000; Expires=Wed, 18 Jun 2025 15:15:31 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None

Timestamp	Bytes transferred	Direction	Data
2024-12-20 15:15:32 UTC	3787	OUT	GET /id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1734707728386 HTTP/1.1 Host: dpm.demdex.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://auth.services.adobe.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%25 [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: demdex=60420686105728287693702795574588267304
2024-12-20 15:15:33 UTC	829	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:15:32 GMT Content-Type: application/json;charset=utf-8 Content-Length: 4614 Connection: close X-TID: yIyPPiozSz4= Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 UTC P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin: https://auth.services.adobe.com Vary: Origin Access-Control-Allow-Credentials: true DCS: dcs-prod-irl1-2-v069-0e7c7d1fd.edge-irl1.demdex.com 3 ms set-cookie: demdex=60420686105728287693702795574588267304; Max-Age=15552000; Expires=Wed, 18 Jun 2025 15:15:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
2024-12-20 15:15:33 UTC	4614	IN	Data Raw: 7b 22 64 5f 6d 69 64 22 3a 22 36 30 32 31 36 38 37 30 38 30 30 33 36 32 38 33 36 33 31 33 36 38 36 37 37 38 39 34 30 38 38 31 31 35 33 39 35 38 22 2c 22 69 64 5f 73 79 6e 63 5f 74 74 6c 22 3a 36 30 34 38 30 30 2c 22 64 5f 62 6c 6f 62 22 3a 22 52 4b 68 70 52 7a 38 6b 72 67 32 74 4c 4f 36 70 67 75 58 57 70 35 6f 6c 6b 41 63 55 6e 69 51 59 50 48 61 4d 57 57 67 64 4a 33 78 7a 50 57 51 6d 64 6a 30 79 22 2c 22 64 63 73 5f 72 65 67 69 6f 6e 22 3a 36 2c 22 64 5f 6f 74 74 6c 22 3a 37 32 30 30 2c 22 69 62 73 22 3a 5b 7b 22 69 64 22 3a 22 36 30 22 2c 22 74 74 6c 22 3a 31 34 34 30 30 2c 22 74 61 67 22 3a 22 69 6d 67 22 2c 22 66 69 72 65 55 52 4c 53 79 6e 63 22 3a 30 2c 22 73 79 6e 63 4f 6e 50 61 67 65 22 3a 30 2c 22 75 72 6c 22 3a 5b 22 2f 2f 69 64 73 79 6e 63 2e 72 Data Ascii: {"d_mid":"60216870800362836313686778940881153958","id_sync_ttl":604800,"d_blob":"RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y","dcs_region":6,"d_ottl":7200,"ibs":[{"id":"60","ttl":14400,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//idsync.r

Timestamp	Bytes transferred	Direction	Data
2024-12-20 15:15:34 UTC	533	OUT	GET /id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1734707728386 HTTP/1.1 Host: dpm.demdex.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: demdex=60420686105728287693702795574588267304
2024-12-20 15:15:35 UTC	713	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:15:35 GMT Content-Type: application/json;charset=utf-8 Content-Length: 4591 Connection: close X-TID: 0ZnmEwfARl8= Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 UTC P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" DCS: dcs-prod-irl1-2-v069-0e8ac9087.edge-irl1.demdex.com 3 ms set-cookie: demdex=60420686105728287693702795574588267304; Max-Age=15552000; Expires=Wed, 18 Jun 2025 15:15:35 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
2024-12-20 15:15:35 UTC	4591	IN	Data Raw: 7b 22 64 5f 6d 69 64 22 3a 22 36 30 32 31 36 38 37 30 38 30 30 33 36 32 38 33 36 33 31 33 36 38 36 37 37 38 39 34 30 38 38 31 31 35 33 39 35 38 22 2c 22 69 64 5f 73 79 6e 63 5f 74 74 6c 22 3a 36 30 34 38 30 30 2c 22 64 5f 62 6c 6f 62 22 3a 22 52 4b 68 70 52 7a 38 6b 72 67 32 74 4c 4f 36 70 67 75 58 57 70 35 6f 6c 6b 41 63 55 6e 69 51 59 50 48 61 4d 57 57 67 64 4a 33 78 7a 50 57 51 6d 64 6a 30 79 22 2c 22 64 63 73 5f 72 65 67 69 6f 6e 22 3a 36 2c 22 64 5f 6f 74 74 6c 22 3a 37 32 30 30 2c 22 69 62 73 22 3a 5b 7b 22 69 64 22 3a 22 36 30 22 2c 22 74 74 6c 22 3a 31 34 34 30 30 2c 22 74 61 67 22 3a 22 69 6d 67 22 2c 22 66 69 72 65 55 52 4c 53 79 6e 63 22 3a 30 2c 22 73 79 6e 63 4f 6e 50 61 67 65 22 3a 30 2c 22 75 72 6c 22 3a 5b 22 2f 2f 69 64 73 79 6e 63 2e 72 Data Ascii: {"d_mid":"60216870800362836313686778940881153958","id_sync_ttl":604800,"d_blob":"RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y","dcs_region":6,"d_ottl":7200,"ibs":[{"id":"60","ttl":14400,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//idsync.r

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65468)
Category:	downloaded
Size (bytes):	1749812
Entropy (8bit):	5.5275497903933
Encrypted:	false
SSDEEP:	49152:CQNbXMrBltZz7YbJOTMioLH30BMrSuF/aj7MF6V9HilOcPdlArpXtummeH8Kkplg:CQNbXMrBltZz7YbJOTMioLHOM9F/aj7P
MD5:	9DD49B3B5DA9D703DBE66F834DC59CA2
SHA1:	E77165F8C8AE9E5649C9E44340D921C1883E869A
SHA-256:	7A81DCDE09C29231076EA9C7822391DFE61E87378AB4B462E19F28BE7A99BECD
SHA-512:	0C41A394C7DAC89A5C206D6C1A2962364238C70D15D563E4034CEF7FD96D74AA427693139E09438A8B5CF642080CABE04E0ABFAF6E9DAB85D3E31D48B8E27666
Malicious:	false
Reputation:	low
URL:	https://acrobat.adobe.com/dcpreviewdropin/3.46.1_2.1083.0/bootstrap.js
Preview:	/! For license information please see bootstrap.js.LICENSE.txt /.(()=>{var e,t,o,i,n={v7Cn:(e,t,o)=>{"use strict";t.B=function A4uAddCircle(e){var t=_extends({},e);return i.default.createElement("svg",_extends({viewBox:"0 0 36 36"},t,t),i.default.createElement("path",{fillRule:"evenodd",d:"M18,2A16,16,0,1,0,34,18,16,16,0,0,0,18,2ZM28,19a1,1,0,0,1-1,1H20v7a1,1,0,0,1-1,1H17a1,1,0,0,1-1-1V20H9a1,1,0,0,1-1-1V17a1,1,0,0,1,1-1h7V9a1,1,0,0,1,1-1h2a1,1,0,0,1,1,1v7h7a1,1,0,0,1,1,1Z"}))};var i=function _interopRequireDefault(e){return e&&e.__esModule?e:{default:e}}(o("YWiy"));function _extends(){return _extends=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var o=arguments[t];for(var i in o)Object.prototype.hasOwnProperty.call(o,i)&&(e[i]=o[i])}return e},_extends.apply(this,arguments)}},kIMi:(e,t,o)=>{"use strict";t.w=function A4uDeleteOutline(e){var t=_extends({},e);return i.default.createElement("svg",_extends({viewBox:"0 0 36 36"},t,t),i.default.createEle

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	589115
Entropy (8bit):	5.746716979488521
Encrypted:	false
SSDEEP:	12288:AookbNaWLttOVLxjCADw1zBdhteVbTaA6AXp:AookbNaWLttOVLxjCADw1zB0JbXp
MD5:	7BB350EDEDA2042FE2630BED5A4CEC3A
SHA1:	B058D56AA221E798A049C6819C9CC60FB2FBEFBA
SHA-256:	85B80A09ADC9A862E40E33195F94AAE8F20B7F3D8DF2FD3C3174970A6A72DCC1
SHA-512:	F47A4E9DCBDBC0CAC7200C73A535A6B56A109B253B72A17727BDF38976437BA4B1329AB1EEAC53243E22ACDF6F7D015172CC251D4D596C39C36194B7AD65B393
Malicious:	false
Reputation:	low
URL:	https://acrobat.adobe.com/dc-viewer-dropin/3.46.1_1.1271.0/dc-view-sdk.js
Preview:	(()=>{var e,t,n,r,o={"5NR0":(e,t,n)=>{"use strict";var r=n("YWiy");e.exports=r.createElement("svg",{viewBox:"0 0 36 36"},r.createElement("path",{d:"M22.175 4H34v28L22.175 4zm-8.336 0H2v28L13.839 4zm4.165 10.317l7.538 17.682h-4.939l-2.258-5.632h-5.517l5.176-12.05z"}))},ETG3:(e,t,n)=>{"use strict";var r=n("YWiy");e.exports=r.createElement("svg",{viewBox:"0 0 48 48"},r.createElement("path",{d:"M29.219 6H44v36L29.219 6zM18.798 6H4v36L18.798 6zm5.207 13.265l9.422 22.733h-6.173l-2.823-7.24h-6.896l6.47-15.493z"}))},XVDt:(e,t,n)=>{"use strict";var r=Object.assign\|\|function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e},o=_interopRequireDefault(n("EtOT")),a=_interopRequireDefault(n("YWiy"));function _interopRequireDefault(e){return e&&e.__esModule?e:{default:e}}var s=function WrappedIcon(e){return a.default.createElement(o.default,r({},e,{icon:{18:n("5NR0"),24:n("ETG3")}}))};s.displayName="AdobeLogo",t.A=

Timestamp	Bytes transferred	Direction	Data
2024-12-20 15:15:41 UTC	3562	OUT	GET /v2/430FF2C3-1AB1-40B7-8BE7-44FC683FE02C/api.js HTTP/1.1 Host: adobe-api.arkoselabs.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Fid%252Furn%253Aaaid%253Asc%253AVA6C2%253Ae98024ff-74df-4e67-b2df-05f45981789e%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%25 [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-20 15:15:41 UTC	2287	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 65998 Connection: close Date: Fri, 20 Dec 2024 03:13:03 GMT Last-Modified: Wed, 04 Dec 2024 00:11:49 GMT Etag: "927196833b644ed7eed1f2646dc0bc16" X-Amz-Server-Side-Encryption: AES256 Accept-Ranges: bytes Server: cloudfront Via: 1.1 164d117783fd653edf9d918ff78aa7e0.cloudfront.net (CloudFront) Alt-Svc: h3=":443"; ma=86400 Age: 43359 X-Xss-Protection: 1; mode=block Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-Ch: Device-Memory, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-DPR, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-Viewport-Width, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-Width, Sec-CH-UA-Form-Factors Vary: Origin Server-Timing: cdn-cache-hit,cdn-pop;desc="MRS52-P3",cdn-rid;desc="1f4rVNc-CFwJjQg9q9BYmInBP_ekJEWtlwXorjlLw9hLloKt3Kg5nQ==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=22 Cache-Control: public, max-age=0, s-maxage=31536000 Capi-Worker-Type: cloudfront Cf-Request-Time: 21 Content-Security-Policy: connect-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; font-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; frame-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; img-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn data:; script-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; default-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; style-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; Permissions-Policy: accelerometer=, autoplay=, camera=, display-capture=, encrypted-media=, fullscreen=, geolocation=, gyroscope=, midi=, payment=, picture-in-picture=, sync-xhr=, usb=* Timing-Allow-Origin: * Set-Cookie: _cfuvid=2Tcy_EqLJ0qhYnviOGCTm_1P9sZBMu9.hAx5FSqz2z4-1717104076479-0.0.1.1-604800000; Path=/; Secure; SameSite=None; Domain=.arkoselabs.com; X-Cache: Hit from cloudfront X-Amz-Cf-Pop: MRS52-P3 X-Amz-Cf-Id: 1f4rVNc-CFwJjQg9q9BYmInBP_ekJEWtlwXorjlLw9hLloKt3Kg5nQ==
2024-12-20 15:15:41 UTC	16384	IN	Data Raw: 76 61 72 20 61 72 6b 6f 73 65 4c 61 62 73 43 6c 69 65 6e 74 41 70 69 63 32 63 63 62 35 39 33 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 31 38 39 31 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 2e 4a 3d 76 6f 69 64 20 30 3b 76 61 72 20 6e 3d 2f 5e 28 5b 5e 5c 77 5d 2a 29 28 6a 61 76 61 73 63 72 69 70 74 7c 64 61 74 61 7c 76 62 73 63 72 69 70 74 29 2f 69 6d 2c 72 3d 2f 26 23 28 5c 77 2b 29 28 5e 5c 77 7c 3b 29 3f 2f 67 2c 6f 3d 2f 26 74 61 62 3b 2f 67 69 2c 69 3d 2f 5b 5c 75 30 30 30 30 2d 5c 75 30 30 31 46 5c 75 30 30 37 46 2d 5c 75 30 30 39 46 5c 75 32 30 30 30 2d 5c 75 32 30 30 44 5c 75 46 45 46 46 5d 2f 67 69 6d 2c 61 3d 2f 5e 2e 2b 28 3a 7c 26 63 6f 6c 6f 6e 3b 29 2f 67 69 6d 2c 63 3d 5b 22 2e Data Ascii: var arkoseLabsClientApic2ccb593;!function(){var e={1891:function(e,t){"use strict";t.J=void 0;var n=/^([^\w]*)(javascript\|data\|vbscript)/im,r=/&#(\w+)(^\w\|;)?/g,o=/&tab;/gi,i=/[\u0000-\u001F\u007F-\u009F\u2000-\u200D\uFEFF]/gim,a=/^.+(:\|&colon;)/gim,c=[".
2024-12-20 15:15:42 UTC	16384	IN	Data Raw: 75 6c 74 20 69 73 20 6e 6f 74 20 61 6e 20 6f 62 6a 65 63 74 22 29 2c 74 2e 64 65 6c 65 67 61 74 65 3d 6e 75 6c 6c 2c 76 29 7d 66 75 6e 63 74 69 6f 6e 20 6a 28 65 29 7b 76 61 72 20 74 3d 7b 74 72 79 4c 6f 63 3a 65 5b 30 5d 7d 3b 31 20 69 6e 20 65 26 26 28 74 2e 63 61 74 63 68 4c 6f 63 3d 65 5b 31 5d 29 2c 32 20 69 6e 20 65 26 26 28 74 2e 66 69 6e 61 6c 6c 79 4c 6f 63 3d 65 5b 32 5d 2c 74 2e 61 66 74 65 72 4c 6f 63 3d 65 5b 33 5d 29 2c 74 68 69 73 2e 74 72 79 45 6e 74 72 69 65 73 2e 70 75 73 68 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 50 28 65 29 7b 76 61 72 20 74 3d 65 2e 63 6f 6d 70 6c 65 74 69 6f 6e 7c 7c 7b 7d 3b 74 2e 74 79 70 65 3d 22 6e 6f 72 6d 61 6c 22 2c 64 65 6c 65 74 65 20 74 2e 61 72 67 2c 65 2e 63 6f 6d 70 6c 65 74 69 6f 6e 3d 74 7d 66 75 6e 63 Data Ascii: ult is not an object"),t.delegate=null,v)}function j(e){var t={tryLoc:e[0]};1 in e&&(t.catchLoc=e[1]),2 in e&&(t.finallyLoc=e[2],t.afterLoc=e[3]),this.tryEntries.push(t)}function P(e){var t=e.completion\|\|{};t.type="normal",delete t.arg,e.completion=t}func
2024-12-20 15:15:42 UTC	16384	IN	Data Raw: 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 74 26 26 28 72 3d 72 2e 66 69 6c 74 65 72 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 74 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 72 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 49 65 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 31 3b 74 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 74 2b 2b 29 7b 76 61 72 20 6e 3d 6e 75 6c 6c 21 3d 61 72 67 75 6d 65 6e 74 73 5b 74 5d 3f 61 72 67 75 6d 65 6e 74 73 5b 74 5d 3a 7b 7d 3b 74 25 32 3f 50 65 28 4f 62 6a 65 63 74 28 6e 29 2c 21 30 29 2e Data Ascii: ct.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function Ie(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?Pe(Object(n),!0).
2024-12-20 15:15:42 UTC	16384	IN	Data Raw: 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 72 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 31 3b 74 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 74 2b 2b 29 7b 76 61 72 20 6e 3d 6e 75 6c 6c 21 3d 61 72 67 75 6d 65 6e 74 73 5b 74 5d 3f 61 72 67 75 6d 65 6e 74 73 5b 74 5d 3a 7b 7d 3b 74 25 32 3f 72 6e 28 4f 62 6a 65 63 74 28 6e 29 2c 21 30 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 61 28 65 2c 74 2c 6e 5b 74 5d 29 7d 29 29 3a 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 28 65 2c 4f 62 6a 65 Data Ascii: .enumerable}))),n.push.apply(n,r)}return n}function on(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?rn(Object(n),!0).forEach((function(t){a(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Obje
2024-12-20 15:15:42 UTC	462	IN	Data Raw: 2e 61 70 70 6c 79 28 6c 6e 2c 63 29 7d 29 29 2c 53 65 2e 6f 6e 28 22 66 6f 72 63 65 20 72 65 73 65 74 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c 6e 28 29 7d 29 29 2c 53 65 2e 6f 6e 28 22 72 65 64 72 61 77 20 63 68 61 6c 6c 65 6e 67 65 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 64 6e 2e 65 6c 65 6d 65 6e 74 26 26 28 64 6e 2e 65 6c 65 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 69 66 72 61 6d 65 22 29 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 69 6e 6c 69 6e 65 22 29 7d 29 29 2c 55 6e 3f 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 69 66 28 21 63 65 28 77 69 6e 64 6f 77 5b 55 6e 5d 29 29 72 65 74 75 72 6e 20 73 65 74 54 69 6d 65 6f 75 74 28 65 2c 31 65 33 29 3b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f Data Ascii: .apply(ln,c)})),Se.on("force reset",(function(){Ln()})),Se.on("redraw challenge",(function(){dn.element&&(dn.element.querySelector("iframe").style.display="inline")})),Un?function e(){if(!ce(window[Un]))return setTimeout(e,1e3);var t=document.querySelecto

Timestamp	Bytes transferred	Direction	Data
2024-12-20 15:15:44 UTC	487	OUT	GET /v2/430FF2C3-1AB1-40B7-8BE7-44FC683FE02C/api.js HTTP/1.1 Host: adobe-api.arkoselabs.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _cfuvid=2Tcy_EqLJ0qhYnviOGCTm_1P9sZBMu9.hAx5FSqz2z4-1717104076479-0.0.1.1-604800000
2024-12-20 15:15:44 UTC	2286	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 65998 Connection: close Date: Fri, 20 Dec 2024 03:13:03 GMT Last-Modified: Wed, 04 Dec 2024 00:11:49 GMT Etag: "927196833b644ed7eed1f2646dc0bc16" X-Amz-Server-Side-Encryption: AES256 Accept-Ranges: bytes Server: cloudfront Via: 1.1 4bd82874db05f18e33453c250ae29266.cloudfront.net (CloudFront) Alt-Svc: h3=":443"; ma=86400 Age: 43362 X-Xss-Protection: 1; mode=block Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-Ch: Device-Memory, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-DPR, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-Viewport-Width, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-Width, Sec-CH-UA-Form-Factors Vary: Origin Server-Timing: cdn-cache-hit,cdn-pop;desc="MRS52-P3",cdn-rid;desc="0lSHXYxAMyHe0E7hgJGsngVNItpzjZOBwXsdO-YCbBjShtyqXcQNZA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2 Cache-Control: public, max-age=0, s-maxage=31536000 Capi-Worker-Type: cloudfront Cf-Request-Time: 1 Content-Security-Policy: connect-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; font-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; frame-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; img-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn data:; script-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; default-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; style-src 'self' .arkoselabs.com .funcaptcha.com .arkoselabs.cn .arkose.com.cn; Permissions-Policy: accelerometer=, autoplay=, camera=, display-capture=, encrypted-media=, fullscreen=, geolocation=, gyroscope=, midi=, payment=, picture-in-picture=, sync-xhr=, usb=* Timing-Allow-Origin: * Set-Cookie: _cfuvid=2Tcy_EqLJ0qhYnviOGCTm_1P9sZBMu9.hAx5FSqz2z4-1717104076479-0.0.1.1-604800000; Path=/; Secure; SameSite=None; Domain=.arkoselabs.com; X-Cache: Hit from cloudfront X-Amz-Cf-Pop: MRS52-P3 X-Amz-Cf-Id: 0lSHXYxAMyHe0E7hgJGsngVNItpzjZOBwXsdO-YCbBjShtyqXcQNZA==
2024-12-20 15:15:44 UTC	16384	IN	Data Raw: 76 61 72 20 61 72 6b 6f 73 65 4c 61 62 73 43 6c 69 65 6e 74 41 70 69 63 32 63 63 62 35 39 33 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 31 38 39 31 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 2e 4a 3d 76 6f 69 64 20 30 3b 76 61 72 20 6e 3d 2f 5e 28 5b 5e 5c 77 5d 2a 29 28 6a 61 76 61 73 63 72 69 70 74 7c 64 61 74 61 7c 76 62 73 63 72 69 70 74 29 2f 69 6d 2c 72 3d 2f 26 23 28 5c 77 2b 29 28 5e 5c 77 7c 3b 29 3f 2f 67 2c 6f 3d 2f 26 74 61 62 3b 2f 67 69 2c 69 3d 2f 5b 5c 75 30 30 30 30 2d 5c 75 30 30 31 46 5c 75 30 30 37 46 2d 5c 75 30 30 39 46 5c 75 32 30 30 30 2d 5c 75 32 30 30 44 5c 75 46 45 46 46 5d 2f 67 69 6d 2c 61 3d 2f 5e 2e 2b 28 3a 7c 26 63 6f 6c 6f 6e 3b 29 2f 67 69 6d 2c 63 3d 5b 22 2e Data Ascii: var arkoseLabsClientApic2ccb593;!function(){var e={1891:function(e,t){"use strict";t.J=void 0;var n=/^([^\w]*)(javascript\|data\|vbscript)/im,r=/&#(\w+)(^\w\|;)?/g,o=/&tab;/gi,i=/[\u0000-\u001F\u007F-\u009F\u2000-\u200D\uFEFF]/gim,a=/^.+(:\|&colon;)/gim,c=[".
2024-12-20 15:15:44 UTC	16384	IN	Data Raw: 75 6c 74 20 69 73 20 6e 6f 74 20 61 6e 20 6f 62 6a 65 63 74 22 29 2c 74 2e 64 65 6c 65 67 61 74 65 3d 6e 75 6c 6c 2c 76 29 7d 66 75 6e 63 74 69 6f 6e 20 6a 28 65 29 7b 76 61 72 20 74 3d 7b 74 72 79 4c 6f 63 3a 65 5b 30 5d 7d 3b 31 20 69 6e 20 65 26 26 28 74 2e 63 61 74 63 68 4c 6f 63 3d 65 5b 31 5d 29 2c 32 20 69 6e 20 65 26 26 28 74 2e 66 69 6e 61 6c 6c 79 4c 6f 63 3d 65 5b 32 5d 2c 74 2e 61 66 74 65 72 4c 6f 63 3d 65 5b 33 5d 29 2c 74 68 69 73 2e 74 72 79 45 6e 74 72 69 65 73 2e 70 75 73 68 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 50 28 65 29 7b 76 61 72 20 74 3d 65 2e 63 6f 6d 70 6c 65 74 69 6f 6e 7c 7c 7b 7d 3b 74 2e 74 79 70 65 3d 22 6e 6f 72 6d 61 6c 22 2c 64 65 6c 65 74 65 20 74 2e 61 72 67 2c 65 2e 63 6f 6d 70 6c 65 74 69 6f 6e 3d 74 7d 66 75 6e 63 Data Ascii: ult is not an object"),t.delegate=null,v)}function j(e){var t={tryLoc:e[0]};1 in e&&(t.catchLoc=e[1]),2 in e&&(t.finallyLoc=e[2],t.afterLoc=e[3]),this.tryEntries.push(t)}function P(e){var t=e.completion\|\|{};t.type="normal",delete t.arg,e.completion=t}func
2024-12-20 15:15:45 UTC	16384	IN	Data Raw: 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 74 26 26 28 72 3d 72 2e 66 69 6c 74 65 72 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 74 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 72 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 49 65 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 31 3b 74 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 74 2b 2b 29 7b 76 61 72 20 6e 3d 6e 75 6c 6c 21 3d 61 72 67 75 6d 65 6e 74 73 5b 74 5d 3f 61 72 67 75 6d 65 6e 74 73 5b 74 5d 3a 7b 7d 3b 74 25 32 3f 50 65 28 4f 62 6a 65 63 74 28 6e 29 2c 21 30 29 2e Data Ascii: ct.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function Ie(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?Pe(Object(n),!0).
2024-12-20 15:15:45 UTC	16384	IN	Data Raw: 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 72 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 31 3b 74 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 74 2b 2b 29 7b 76 61 72 20 6e 3d 6e 75 6c 6c 21 3d 61 72 67 75 6d 65 6e 74 73 5b 74 5d 3f 61 72 67 75 6d 65 6e 74 73 5b 74 5d 3a 7b 7d 3b 74 25 32 3f 72 6e 28 4f 62 6a 65 63 74 28 6e 29 2c 21 30 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 61 28 65 2c 74 2c 6e 5b 74 5d 29 7d 29 29 3a 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 28 65 2c 4f 62 6a 65 Data Ascii: .enumerable}))),n.push.apply(n,r)}return n}function on(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?rn(Object(n),!0).forEach((function(t){a(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Obje
2024-12-20 15:15:45 UTC	462	IN	Data Raw: 2e 61 70 70 6c 79 28 6c 6e 2c 63 29 7d 29 29 2c 53 65 2e 6f 6e 28 22 66 6f 72 63 65 20 72 65 73 65 74 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c 6e 28 29 7d 29 29 2c 53 65 2e 6f 6e 28 22 72 65 64 72 61 77 20 63 68 61 6c 6c 65 6e 67 65 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 64 6e 2e 65 6c 65 6d 65 6e 74 26 26 28 64 6e 2e 65 6c 65 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 69 66 72 61 6d 65 22 29 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 69 6e 6c 69 6e 65 22 29 7d 29 29 2c 55 6e 3f 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 69 66 28 21 63 65 28 77 69 6e 64 6f 77 5b 55 6e 5d 29 29 72 65 74 75 72 6e 20 73 65 74 54 69 6d 65 6f 75 74 28 65 2c 31 65 33 29 3b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f Data Ascii: .apply(ln,c)})),Se.on("force reset",(function(){Ln()})),Se.on("redraw challenge",(function(){dn.element&&(dn.element.querySelector("iframe").style.display="inline")})),Un?function e(){if(!ce(window[Un]))return setTimeout(e,1e3);var t=document.querySelecto

Target ID:	0
Start time:	10:14:36
Start date:	20/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	10:14:40
Start date:	20/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2392,i,15836406770245707737,10617773760925434663,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	10
Start time:	10:14:46
Start date:	20/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTA"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre