Windows Analysis Report
Resume_PaulBrew.pdf

Overview

General Information

Sample name: Resume_PaulBrew.pdf
Analysis ID: 1649544
MD5: 868c49e7ba35439caf5ed2086b178ef4
SHA1: 3a793777cb77f34ac0fe9aaf7c41fd908fdd0be3
SHA256: 390eec3572430b9eb667475eb93da9995f11dc93c5395ef98c6b1c02c11a29a4
Infos:

Detection

KnowBe4, PDFPhish
Score: 80
Range: 0 - 100
Confidence: 100%

Signatures

Found potential malicious PDF (bad image similarity)
Multi AV Scanner detection for submitted file
Yara detected KnowBe4 simulated phishing
Yara detected PDFPhish
AI detected landing page (webpage, office document or email)
Suspicious PDF detected (based on various text indicators)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Deletes files inside the Windows folder
HTTP GET or POST without a user agent
IP address seen in connection with other malware
PDF has an OpenAction (likely to launch a dropper script)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: Resume_PaulBrew.pdf Virustotal: Detection: 31% Perma Link

Phishing
barindex
Yara detected KnowBe4 simulated phishing
Source: Yara match File source: 0.0.pages.csv, type: HTML
Yara detected PDFPhish
Source: Yara match File source: Resume_PaulBrew.pdf, type: SAMPLE
AI detected landing page (webpage, office document or email)
Source: PDF document Joe Sandbox AI: Page contains button: 'Secure Open' Source: 'PDF document'
Source: PDF document Joe Sandbox AI: PDF document contains prominent button: 'secure open'
Suspicious PDF detected (based on various text indicators)
Source: Adobe Acrobat PDF OCR Text: Adob Adobe Document Cloud This document is encrypted using Adobe Secure CloudTM. Click below to securely view contents. Secure Open Please note: Some webmail clients are not compatible with Adobe obat Secure CloudTM. If that happens, download the file and open on Desktop.
Source: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09 HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 142.250.81.228:443 -> 192.168.2.24:60847 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.196.92.142:443 -> 192.168.2.24:60848 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.196.92.142:443 -> 192.168.2.24:60849 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.198.42.239:443 -> 192.168.2.24:60851 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.198.42.239:443 -> 192.168.2.24:60850 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.24:60860 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.88.62:443 -> 192.168.2.24:60862 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.217.193.32:443 -> 192.168.2.24:60858 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.24:60861 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.24:60864 version: TLS 1.2
Source: unknown HTTPS traffic detected: 108.139.29.30:443 -> 192.168.2.24:60866 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.91.62:443 -> 192.168.2.24:60868 version: TLS 1.2
Source: unknown HTTPS traffic detected: 208.80.154.240:443 -> 192.168.2.24:60867 version: TLS 1.2
Source: unknown HTTPS traffic detected: 108.139.29.114:443 -> 192.168.2.24:60872 version: TLS 1.2
Source: unknown HTTPS traffic detected: 208.80.154.240:443 -> 192.168.2.24:60873 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.214.113.176:443 -> 192.168.2.24:60882 version: TLS 1.2
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1743023067049&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 3656Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.18.88.62 104.18.88.62
Source: Joe Sandbox View IP Address: 208.80.154.240 208.80.154.240
Source: Joe Sandbox View IP Address: 104.18.91.62 104.18.91.62
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown TCP traffic detected without corresponding DNS query: 23.40.179.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.40.179.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.40.179.19
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.68.248
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.68.248
Source: unknown TCP traffic detected without corresponding DNS query: 23.40.179.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.40.179.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.40.179.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.23.20
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.23.20
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.23.20
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.23.20
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.23.20
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.23.20
Source: unknown TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09?cid=2454325818 HTTP/1.1Host: kn0wbe4.compromisedblog.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09 HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://kn0wbe4.compromisedblog.com/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09?cid=2454325818Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hubfs/241394/html_file/files/img/KB4-logo.png HTTP/1.1Host: cdn2.hubspot.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f.css HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /helpimg/landing_pages/css/dd.css HTTP/1.1Host: s3.amazonaws.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/application-3ab7c63a41a8761925d45817a71fb79e0ef7208b59de505ac640c8a2a183ec19.js HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /packs/js/vendor-69f70dd3792dc7287ac8.js HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /QRF01zv.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /QRF01zv.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /blog/uploads/Rectangle@2x-1-1-1.png HTTP/1.1Host: static.jobscan.coConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hubfs/241394/html_file/files/img/KB4-logo.png HTTP/1.1Host: cdn2.hubspot.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=RuJtf4AG2LUbTNrPWvYFyhElrTb_1UER1sYGHixGr64-1743023111-1.0.1.1-tXsEyH1mrfcJDyIAwN54b5pySKrTtcE0Ws3K3OGYlDADhJqn1f2JY8YL5o1CnBKxCt1S.HRUP6H3D5VqwMVtWUEX_b5ONkibKWdrqG0_8k4
Source: global traffic HTTP traffic detected: GET /wikipedia/commons/thumb/3/38/Icon_pdf_file.svg/210px-Icon_pdf_file.svg.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f.css HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /blog/uploads/Rectangle@2x-1-1-1.png HTTP/1.1Host: static.jobscan.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wikipedia/commons/thumb/3/38/Icon_pdf_file.svg/210px-Icon_pdf_file.svg.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secured-login.net/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png HTTP/1.1Host: secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic HTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: kn0wbe4.compromisedblog.com
Source: global traffic DNS traffic detected: DNS query: secured-login.net
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: s3.amazonaws.com
Source: global traffic DNS traffic detected: DNS query: cdn2.hubspot.net
Source: global traffic DNS traffic detected: DNS query: i.imgur.com
Source: global traffic DNS traffic detected: DNS query: static.jobscan.co
Source: global traffic DNS traffic detected: DNS query: upload.wikimedia.org
Source: unknown HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1743023067049&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 3656Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 21:05:11 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeX-Frame-Options: SAMEORIGINX-XSS-Protection: 0X-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: strict-origin-when-cross-originCache-Control: no-cacheContent-Security-Policy: X-Request-Id: a11cb2b9-7e9d-40d6-91d4-782fcb9e9b41X-Runtime: 0.012940Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 21:05:12 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeX-Frame-Options: SAMEORIGINX-XSS-Protection: 0X-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: strict-origin-when-cross-originCache-Control: no-cacheContent-Security-Policy: X-Request-Id: 4e2ceb11-29b9-4984-b5ed-43437ebde6a3X-Runtime: 0.097210Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 21:05:12 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeX-Frame-Options: SAMEORIGINX-XSS-Protection: 0X-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: strict-origin-when-cross-originCache-Control: no-cacheContent-Security-Policy: X-Request-Id: 2c1dfb90-ab59-475d-8d42-4b2d287f1158X-Runtime: 0.014573Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 21:05:12 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeX-Frame-Options: SAMEORIGINX-XSS-Protection: 0X-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: strict-origin-when-cross-originCache-Control: no-cacheContent-Security-Policy: X-Request-Id: afed509e-910c-48ea-93df-f767dc1e1741X-Runtime: 0.024246Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 21:05:12 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeX-Frame-Options: SAMEORIGINX-XSS-Protection: 0X-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: strict-origin-when-cross-originCache-Control: no-cacheContent-Security-Policy: X-Request-Id: cf657deb-2f6b-4e50-8938-3ead6716812fX-Runtime: 0.013286Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
Source: chromecache_177.18.dr String found in binary or memory: http://getbootstrap.com)
Source: chromecache_173.18.dr String found in binary or memory: http://preview.training.knowbe4.com/XZ3FlZlZNOVhDMEN3Q2ZsUXJtQkI2Y2JURTg3NTdleWU3cEN2NUtvWFlQV1FiTjR
Source: NGLClient_AcrobatReader124.4.20272.6.log.0.dr, NGLClient_AcrobatReader124.4.20272.6 2025-03-26 17-04-40-305.log.0.dr String found in binary or memory: https://cc-api-data.adobe.io/ingest
Source: chromecache_173.18.dr String found in binary or memory: https://cdn2.hubspot.net/hubfs/241394/html_file/files/img/KB4-logo.png
Source: chromecache_173.18.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css
Source: 6e360bc5-c709-43b0-829f-8f9741fc4c4a.tmp.5.dr String found in binary or memory: https://chrome.cloudflare-dns.com
Source: AdobeCollabSync.exe, 00000007.00000003.3041973580.000002DC777BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.4xI
Source: AdobeCollabSync.exe, 00000007.00000003.3041973580.000002DC777BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77629000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77697000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sch
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77697000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/schas/entit
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77667000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/schemas/bulk_entity_v1.json
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77697000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000002.4798072453.000002DC776C8000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3064740210.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3052651553.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3107887978.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3094822440.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3139823857.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3084802758.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3129575890.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3074780715.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3170600121.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3041994981.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/schemas/e
Source: AdobeCollabSync.exe, 00000007.00000003.3041973580.000002DC777BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/schemas/entit
Source: AdobeCollabSync.exe, 00000007.00000003.3041994981.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/schemas/entity_v1.json
Source: AdobeCollabSync.exe, 00000007.00000003.3041973580.000002DC777BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/schemasZx
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77697000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/schemqE
Source: AdobeCollabSync.exe, 00000007.00000003.3041994981.000002DC776C7000.00000004.00000020.00020000.00000000.sdmp, EntitySync-2025-03-26.log.7.dr String found in binary or memory: https://comments.adobe.io/sync/
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC776B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sync/.
Source: AdobeCollabSync.exe, 00000007.00000003.3170562763.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3094773668.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000002.4798244065.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3150026045.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3084761547.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3041973580.000002DC777BF000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3139770705.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3074749019.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3105265769.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3129534252.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3118264691.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3160330808.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3180683521.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3064681121.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3052609280.000002DC777C2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sync/7v
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77667000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sync/F
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77667000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sync/X8#
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77697000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sync/essage
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77667000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sync/n
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77697000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sync/obat_des
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77697000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sync/obat_desX
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77697000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sync/s
Source: AdobeCollabSync.exe, 00000007.00000003.3052192276.000002DC777CF000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3041973580.000002DC777BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sync/uot;
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77667000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io/sync/w
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77629000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.io_w
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77629000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.iocw
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77629000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://comments.adobe.iou
Source: chromecache_173.18.dr String found in binary or memory: https://fonts.googleapis.com/css2?family=Open
Source: chromecache_172.18.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI
Source: chromecache_172.18.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4iaVI
Source: chromecache_172.18.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4jaVI
Source: chromecache_172.18.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVI
Source: chromecache_172.18.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVI
Source: chromecache_172.18.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVI
Source: chromecache_172.18.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVI
Source: chromecache_172.18.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4vaVI
Source: chromecache_172.18.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5OaVI
Source: chromecache_172.18.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5caVI
Source: chromecache_177.18.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_173.18.dr String found in binary or memory: https://i.imgur.com/QRF01zv.png
Source: Resume_PaulBrew.pdf String found in binary or memory: https://kn0wbe4.compromisedblog.com/XL2Rkd2RsdmIxWTNLTEh1NnVwWkc3a3VtcHpaRXM1b09pMDIzbTNZMk5CeEphZVV
Source: Resume_PaulBrew.pdf String found in binary or memory: https://kn0wbe4.compromisedblog.com/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEt
Source: Resume_PaulBrew.pdf String found in binary or memory: https://kn0wbe4.compromisedblog.com/XMHZUY0NyOVZWWXFKZCtIK3NmZzBUSmJCaCtQOVJ6Tm11UzU3TFFLeEhkdzg0QlB
Source: Resume_PaulBrew.pdf String found in binary or memory: https://kn0wbe4.compromisedblog.com/XYnE1UG8wZXpoM1ZzRTZrMFZDOElFL1RXdzNEN3U3bWROejZzNjFkVDdPM2FMS3h
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC77667000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://reviews.adobe.io
Source: chromecache_173.18.dr String found in binary or memory: https://s3.amazonaws.com/helpimg/landing_pages/css/dd.css
Source: chromecache_183.18.dr String found in binary or memory: https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcH
Source: chromecache_173.18.dr String found in binary or memory: https://static.jobscan.co/blog/uploads/Rectangle
Source: chromecache_173.18.dr String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/thumb/3/38/Icon_pdf_file.svg/210px-Icon_pdf_file.svg.
Source: unknown Network traffic detected: HTTP traffic on port 60848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60873 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60817
Source: unknown Network traffic detected: HTTP traffic on port 60821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60850
Source: unknown Network traffic detected: HTTP traffic on port 60863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60891
Source: unknown Network traffic detected: HTTP traffic on port 60867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60855
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60854
Source: unknown Network traffic detected: HTTP traffic on port 60882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60852
Source: unknown Network traffic detected: HTTP traffic on port 60849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60860
Source: unknown Network traffic detected: HTTP traffic on port 60862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60826
Source: unknown Network traffic detected: HTTP traffic on port 60866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60866
Source: unknown Network traffic detected: HTTP traffic on port 60883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60864
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60863
Source: unknown Network traffic detected: HTTP traffic on port 60852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60873
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60872
Source: unknown Network traffic detected: HTTP traffic on port 60861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60879
Source: unknown Network traffic detected: HTTP traffic on port 60869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60849
Source: unknown Network traffic detected: HTTP traffic on port 60891 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60883
Source: unknown Network traffic detected: HTTP traffic on port 60860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60881
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60847
Source: unknown Network traffic detected: HTTP traffic on port 60881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60868 -> 443
Source: unknown HTTPS traffic detected: 142.250.81.228:443 -> 192.168.2.24:60847 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.196.92.142:443 -> 192.168.2.24:60848 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.196.92.142:443 -> 192.168.2.24:60849 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.198.42.239:443 -> 192.168.2.24:60851 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.198.42.239:443 -> 192.168.2.24:60850 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.24:60860 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.88.62:443 -> 192.168.2.24:60862 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.217.193.32:443 -> 192.168.2.24:60858 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.24:60861 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.44.193:443 -> 192.168.2.24:60864 version: TLS 1.2
Source: unknown HTTPS traffic detected: 108.139.29.30:443 -> 192.168.2.24:60866 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.91.62:443 -> 192.168.2.24:60868 version: TLS 1.2
Source: unknown HTTPS traffic detected: 208.80.154.240:443 -> 192.168.2.24:60867 version: TLS 1.2
Source: unknown HTTPS traffic detected: 108.139.29.114:443 -> 192.168.2.24:60872 version: TLS 1.2
Source: unknown HTTPS traffic detected: 208.80.154.240:443 -> 192.168.2.24:60873 version: TLS 1.2
Source: unknown HTTPS traffic detected: 44.214.113.176:443 -> 192.168.2.24:60882 version: TLS 1.2

System Summary
barindex
Found potential malicious PDF (bad image similarity)
Source: Resume_PaulBrew.pdf Static PDF information: Image stream: 21
Creates files inside the system directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir8716_1119716213 Jump to behavior
Deletes files inside the Windows folder
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir8716_1119716213 Jump to behavior
Source: classification engine Classification label: mal80.phis.winPDF@50/98@28/13
Source: Resume_PaulBrew.pdf Initial sample: https://kn0wbe4.compromisedblog.com/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09?cid=2454325818
Source: Resume_PaulBrew.pdf Initial sample: https://kn0wbe4.compromisedblog.com/xl2rkd2rsdmixwtnlteh1nnvwwkc3a3vtchparxm1b09pmdizbtnzmk5ceephzvvoyxf2dkjoqthib0jjamfbzw9pzwx3b2ltbhovrugvseh5wtn0ou9gafn0rjnynfjqczh4ckdqc3cxdgdrrujud3j2a1brritmbjdzvnbqdjdma2zjdnv6tjq0vur4l0zvcmxib3e2uvpfu1kxdly1z3zmwkpvwed5t1pbvmirahyrrwi3tjlous0tmxbxsnp6vdhoshhdogkrtc0taxrxc1heudl3u0thdfbibhj2bdlndz09?cid=2454325818
Source: Resume_PaulBrew.pdf Initial sample: https://kn0wbe4.compromisedblog.com/XL2Rkd2RsdmIxWTNLTEh1NnVwWkc3a3VtcHpaRXM1b09pMDIzbTNZMk5CeEphZVVOYXF2dkJoQThib0JJamFBZW9pZWx3b2lTbHovRUgvSEh5WTN0OU9GaFN0RjNYNFJqczh4ckdQc3cxdGdRRUJud3J2a1BrRitmbjdzVnBqdjdMa2ZJdnV6TjQ0VUR4L0ZvcmxIb3E2UVpFU1kxdlY1Z3ZMWkpvWEd5T1pBVmIraHYrRWI3TjlOUS0tMXBXSnp6VDhOSHhDOGkrTC0taXRXc1hEUDl3U0thdFBibHJ2bDlndz09?cid=2454325818
Source: Resume_PaulBrew.pdf Initial sample: https://kn0wbe4.compromisedblog.com/xm25kt0nss3kvy0juqmzyou44vitivjvisfjun29cwxnun3jlq1lhchfhzwiywetnzdjktm1vbgdnuwnwaxa2l214r0fvejhmq0rjd1brvhvzyzvudjlmemhrutdjsuzyyxh0velzau10thrlmkv3n2tkafjurexwoud1zgduq05ftu82bwfzsvfyehlqtu11alppa0tjsjhmzgfjmlq5ughcs1zwcjldbefzs2n3nmvwmjrzcnp2ss0tz3jvre1vum80sm5fc3dwsy0tqvy0zmlnyk1lwhhqbgwra1hxcwvxqt09?cid=2454325818
Source: Resume_PaulBrew.pdf Initial sample: https://kn0wbe4.compromisedblog.com/XYnE1UG8wZXpoM1ZzRTZrMFZDOElFL1RXdzNEN3U3bWROejZzNjFkVDdPM2FMS3haNzk3MUk5S1EzS3pSWVNtem8zK2U2RnEwaVVtN1d1ZmR3NU5YR2QxcVZ3ak5zcFlEN0lZUHpJKzczb2V0aEUzY0pqM3hzYnNQM3Z4aXA5NjMzbGhUTVRyMVR5dlVvdkxMa1lQQldEbGZBeGIrcmUwUzVQZi9IalF0UzhsN2NySXhqZHlJYytGSS0tTnhlYVZUalBGVStGcjVlci0tWHMwcUxxZUE0V1I1dGN5Q01aeXY0UT09?cid=2454325818
Source: Resume_PaulBrew.pdf Initial sample: https://kn0wbe4.compromisedblog.com/xyne1ug8wzxpom1zzrtzrmfzdoelfl1rxdznen3u3bwroejzznjfkvddpm2fms3hanzk3muk5s1ezs3pswvntem8zk2u2rnewavvtn1d1zmr3nu5yr2qxcvz3ak5zcflen0lzuhpjkzczb2v0aeuzy0pqm3hzynnqm3z4axa5njmzbghutvrymvr5dlvvdkxma1lqqldebgzbegircmuwuzvqzi9ialf0uzhsn2nysxhqzhljyytgss0ttnhlyvzualbgvstgcjvlci0twhmwcuxxzue0v1i1dgn5q01aexy0ut09?cid=2454325818
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader124.4.20272.6 2025-03-26 17-04-40-305.log Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA Jump to behavior
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC776B5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT * FROM device_mappings WHERE( content_item_type = :resourceType);
Source: AdobeCollabSync.exe, 00000007.00000002.4797656158.000002DC776B5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests;
Source: Resume_PaulBrew.pdf Virustotal: Detection: 31%
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Resume_PaulBrew.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1712 --field-trial-handle=1592,i,15319257295920843828,6072331317832979418,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7632
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,3087048889737537394,3794083359230199116,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2096 /prefetch:11
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kn0wbe4.compromisedblog.com/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09?cid=2454325818"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1712 --field-trial-handle=1592,i,15319257295920843828,6072331317832979418,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8000 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7632 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,3087048889737537394,3794083359230199116,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2096 /prefetch:11 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe Section loaded: vccorlib140.dll Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe Section loaded: appcontracts.dll Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Word\Addins\PDFMaker.OfficeAddin Jump to behavior
Source: Resume_PaulBrew.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Resume_PaulBrew.pdf Initial sample: PDF keyword obj count = 54
PDF has an OpenAction (likely to launch a dropper script)
Source: Resume_PaulBrew.pdf Initial sample: PDF keyword /OpenAction
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Contains long sleeps (>= 3 min)
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe Thread delayed: delay time: 21600000 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe Thread delayed: delay time: 30000 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe Thread delayed: delay time: 21600000 Jump to behavior
Source: AdobeCollabSync.exe, 0000000A.00000002.2911026332.000001C742EA4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll||_
Source: AdobeCollabSync.exe, 00000006.00000002.4796620775.0000024E44258000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllw
Source: AdobeCollabSync.exe, 00000007.00000002.4797249656.000002DC75788000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.3190991710.000002DC757AA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000008.00000002.2915302378.000001DE3EB58000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Behavior
Click here to start
Slideshow Behavior Animation
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1649544 Sample: Resume_PaulBrew.pdf Startdate: 26/03/2025 Architecture: WINDOWS Score: 80 40 Found potential malicious PDF (bad image similarity) 2->40 42 Multi AV Scanner detection for submitted file 2->42 44 Yara detected KnowBe4 simulated phishing 2->44 46 3 other signatures 2->46 8 Acrobat.exe 22 96 2->8         started        10 chrome.exe 2 2->10         started        13 chrome.exe 2->13         started        process3 dnsIp4 15 AdobeCollabSync.exe 3 8->15         started        17 AcroCEF.exe 91 8->17         started        19 AdobeCollabSync.exe 3 8->19         started        38 192.168.2.24, 137, 138, 443 unknown unknown 10->38 21 chrome.exe 10->21         started        process5 dnsIp6 24 AdobeCollabSync.exe 1 6 15->24         started        26 AcroCEF.exe 2 17->26         started        28 AdobeCollabSync.exe 2 19->28         started        32 upload.wikimedia.org 208.80.154.240, 443, 60867, 60873 WIKIMEDIAUS United States 21->32 34 www.google.com 142.250.81.228, 443, 60847, 60891 GOOGLEUS United States 21->34 36 13 other IPs or domains 21->36 process7 process8 30 FullTrustNotifier.exe 24->30         started       
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.18.88.62
 cdn2.hubspot.net United States
13335 CLOUDFLARENETUS false
108.139.29.114
 unknown United States
16509 AMAZON-02US false
44.214.113.176
 unknown United States
14618 AMAZON-AESUS false
52.217.193.32
 s3.amazonaws.com United States
16509 AMAZON-02US false
44.196.92.142
 landing.training.knowbe4.com United States
14618 AMAZON-AESUS false
208.80.154.240
 upload.wikimedia.org United States
14907 WIKIMEDIAUS false
151.101.44.193
 ipv4.imgur.map.fastly.net United States
54113 FASTLYUS false
104.18.91.62
 unknown United States
13335 CLOUDFLARENETUS false
142.250.81.228
 www.google.com United States
15169 GOOGLEUS false
108.139.29.30
 dttjrzjva8zho.cloudfront.net United States
16509 AMAZON-02US false
44.198.42.239
 secured-login.net United States
14618 AMAZON-AESUS false
104.17.25.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.24

Contacted Domains

Name IP Active
cdn2.hubspot.net 104.18.88.62 true
dttjrzjva8zho.cloudfront.net 108.139.29.30 true
s3.amazonaws.com 52.217.193.32 true
cdnjs.cloudflare.com 104.17.25.14 true
www.google.com 142.250.81.228 true
upload.wikimedia.org 208.80.154.240 true
secured-login.net 44.198.42.239 true
landing.training.knowbe4.com 44.196.92.142 true
ipv4.imgur.map.fastly.net 151.101.44.193 true
static.jobscan.co unknown unknown
i.imgur.com unknown unknown
kn0wbe4.compromisedblog.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://secured-login.net/assets/application-3ab7c63a41a8761925d45817a71fb79e0ef7208b59de505ac640c8a2a183ec19.js false
    		high
    https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css false
      		high
      https://kn0wbe4.compromisedblog.com/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09?cid=2454325818 false
        		high
        https://secured-login.net/packs/js/vendor-69f70dd3792dc7287ac8.js false
          		high
          https://secured-login.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css false
            		high
            https://secured-login.net/assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png false
              		high
              https://browser.events.data.msn.cn/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1743023067049&w=0&anoncknm=al_app_anon&NoResponseBody=true false
                		high
                https://static.jobscan.co/blog/uploads/Rectangle@2x-1-1-1.png false
                  		high
                  https://upload.wikimedia.org/wikipedia/commons/thumb/3/38/Icon_pdf_file.svg/210px-Icon_pdf_file.svg.png false
                    		high
                    https://secured-login.net/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css false
                      		high
                      http://c.pki.goog/r/r4.crl false
                        		high
                        https://secured-login.net/favicon.ico false
                          		high
                          http://c.pki.goog/r/r1.crl false
                            		high
                            https://secured-login.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js false
                              		high
                              https://s3.amazonaws.com/helpimg/landing_pages/css/dd.css false
                              • Avira URL Cloud: safe
                              		 unknown
                              https://cdn2.hubspot.net/hubfs/241394/html_file/files/img/KB4-logo.png false
                                		high
                                https://i.imgur.com/QRF01zv.png false
                                  		high
                                  https://secured-login.net/assets/landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f.css false
                                    		high
                                    http://c.pki.goog/r/gsr1.crl false
                                      		high
                                      https://secured-login.net/assets/modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js false
                                        		high
                                        https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09 false
                                          		high