Windows Analysis Report
https://us.aicpa.org/content/dam/aicpa/advocacy/tax/downloadabledocuments/2023/boi-comments-on-proposed-90-day-extension-final.pdf

Overview

General Information

Sample URL: https://us.aicpa.org/content/dam/aicpa/advocacy/tax/downloadabledocuments/2023/boi-comments-on-proposed-90-day-extension-final.pdf
Analysis ID: 1428803
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Drops files with a non-matching file extension (content does not match file extension)
Stores files to the Windows start menu directory

Classification

Source: https://us.aicpa.org/content/dam/aicpa/advocacy/tax/downloadabledocuments/2023/boi-comments-on-proposed-90-day-extension-final.pdf HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.29.15:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: global traffic HTTP traffic detected: GET /content/dam/aicpa/advocacy/tax/downloadabledocuments/2023/boi-comments-on-proposed-90-day-extension-final.pdf HTTP/1.1Host: us.aicpa.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: us.aicpa.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://us.aicpa.org/content/dam/aicpa/advocacy/tax/downloadabledocuments/2023/boi-comments-on-proposed-90-day-extension-final.pdfAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /content/dam/aicpa/advocacy/tax/downloadabledocuments/2023/boi-comments-on-proposed-90-day-extension-final.pdf HTTP/1.1Host: us.aicpa.orgConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=EgpEa1nOLXMftyt&MD=23EAllaZ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A4109009A83X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAASwbiLIRhcTqivhE4W2IlVuzCCjM23MwqbiQQgIgCojlC/myogB9Ado6ldZLbmAmY2A43xx8Pg95gCfRdnoQWuaYlWakEGPrXvE8wV/b%2BzcggQk5HhlVYWXWiG646BmGu8KP31Sq73l2Zy/LJBTTpNMK9F5Xf4dXx1%2B6yiMJT%2B2fAjuVQAgva7X6HcZ5RmLo%2BAHzYKLDPN89LGnUx1w9/B0WUjDltq/BAWbT4d4JqnkIr68k4WWgKPU2PlB%2Bh6ARccpPucLPO2pAyrOnsRmvaP2wv7BxHxmCTasAYOdYsQfpC/f9yJwgJi2igaGGwvm08bCsYKb6UKrb7tv%2BDSYokIMDZgAACKdUmeRmgbEWqAFDVntRyJWhvPJNQKZBmzpDBm/vGiB/ti10bEhS6cDLUsZ86xGZhlTzc/1jmQKofbj7uybinU8BqlVwxbnLmwMHQTGLwACEhT0KkImlAvPD0/nGr1Ac00KhaVDSx2aOHYImNRYN1DOnP6Kyis8T%2BEu8aeFKXTG72sjw3xWwmhknlHIjzG53oFEl8U4t7DbKg1MdGFP2J238QwH8LRDUzP2F9GkJ/lEG%2BGtJW5H1QRjGjk1jyIu3kO4op4rcgoPYBALewHxDtc6Q6KXaJ3DXNXvbwfEZesiuDwZYBEj2MT5UFNOjtzG/ycVklthWalu%2BLwA1ftYfPT3/mUmPBJ%2B6UgIa9IWgbJw1%2BQvfMSONw%2BM0UwaaYGC0X6LxwjLmTUG2VEHf7ZRXBMA5BOhDmdSE1uKmnkfJxYdwm67%2BgRLMno2H6AXFSChDH3JRbOTdyaUstzI6Q261bWy37fSnhPiZ1oFd/NYWS79qWLDhpjtPVwn0QOfIrtczfGglR/p%2BNwm%2BG9Xcenlg682OUCW2EXu0p3qBqjtXzAVsx2afTvPuZOBeEsf4W/8YcdGS2AE%3D%26p%3DX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1713537070User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 1FC2B3CE685A45789AC768071429B558X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; MUID=5047E5942BB2460EA35B53CCF78DDB3D; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=EgpEa1nOLXMftyt&MD=23EAllaZ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: chromecache_62.1.dr String found in binary or memory: <a href="https://www.youtube.com/user/AICPAMultiMedia" rel="noopener noreferrer nofollow" target="_blank" data-socialiconname="youtube"> equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: us.aicpa.org
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 Apr 2024 14:30:38 GMTContent-Type: text/html;charset=utf-8Transfer-Encoding: chunkedConnection: closeServer: ApacheContent-Security-Policy: base-uri 'self';default-src 'none'; connect-src 'self' inline-only: *; font-src 'self' data: *; img-src 'self' *;script-src 'self' 'unsafe-hashes' 'sha256-H2tlmRuSoiM440uTQK7H3mt3L74Xvy3HDbFQqhasmLM=' 'sha256-F31Z235J4JoHiQd4pwhlVGhZAo9TL1xXkr998POEVGk=' 'sha256-dg9STQouzRiKJUO3yike1CtjTb8JY3xoFiB0syjsclM=' 'sha256-npzn7ujSOdyjMmFgVUD96cEc+e4ADPr6/G36kMw42xg=' 'sha256-5TFWe/7xA1mUO7yvl+1rrgKnK4IkLgDeImwowoNtSio=' 'sha256-0ris5gmMUJMPIW5+I0NnEuFoC0HsIyvgUblcUKRj8DU=' 'sha256-2YCB6Lhue7C9r6969mhdpe1UfjRUR3HR4A0E0by9Kgg=' 'sha256-dPdAVNwRUBOO9U/2jj9+7Wrv56B40z2Jv1G60xrq99k=' 'sha256-1v5J2KvQP4Gbm3K2rHEJwOXTbrRded9lfuiMfmyrgLQ=' 'sha256-zjjpOAlgWBBa3LGAToXGdQdBJ74Nk1FbPuXvyyNud+c=' 'sha256-6Vxqk2EtHXjiJTfzUejPw5pYIuKocUwpWnj5ceUldH4=' 'sha256-jWeJInrhgp2bhmYq4ENjpiKhX8vgbI25wEHe7xZmntk=' 'sha256-MkZksky8RCDrddFfcsZvpoIOBWi+U4WdS/AUDSRoFWc=' 'sha256-JgUlUrFxfMASKHj7b/5oFO6lurjlitmjXKYNNDMUD+Y=' 'sha256-jwKtf7qtuAMIgLD43eyvgH971eEPHz3iVd6yMxfeA9A=' 'sha256-D/PRixJhLrpI1HflSDVH9owyKK3PGUoiNKrmyLvd3tM=' 'sha256-HSqFHC4bxSGLtwIKYvWNU/qQ4Q0oBveduu1wZdFXO+M=' 'sha256-nFFbE/gfqIA03gqrxwtcaywPXAg1nnX0YRI/RaMK8Lo=' 'sha256-k0FSIbTuVFHaoQGas062MT8MxUolKkiZqbpYaF929+c=' 'sha256-rqmm25uujCmwRm3UkPUpq2WM1jbmHLDuEQGkdF9+470=' 'sha256-U7ve//F4t99wIgL0aTmqx7pcSv+0E36f4XP+HwqZU30=' 'sha256-zZ15axXrbdoSqrE42O5dT3pilUPZCKObwx+aitQeT78=' 'sha256-C76Klxj0BnbMe8uaGS7kU+98MDherr94oIyjKlkWxTk=' 'sha256-244y469+HkRw3VOen69J4OuOZPA1f+0QrXS6/KOHJg0=' 'sha256-DNpb+AMfC5A+CyVJTBZTmmAK5kjYiOPpCYonuCoNUDc=' 'sha256-4xvwiEnvCWO3LygP+6rATbySh1+ealhANaQTvdaQaxk=' 'sha256-ClkLV8HfXoqqJ9Kl5sJglafxsF9F9ogSxHZxhR07bq4=' 'sha256-4TpZ3Tx5SLybDXPQaSHGuP1RU4D+pzck+02JLVY61BY=' 'sha256-osjxnKEPL/pQJbFk1dKsF7PYFmTyMWGmVSiL9inhxJY=' 'unsafe-inline' 'unsafe-eval' https://aicpa.ugc.bazaarvoice.com/static/8502-en_us/bvapi.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/04f604fda4ad/launch-4dd043aa3d36.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/135000054.js https://cdn.mouseflow.com/projects/79d6f783-d04b-41b1-8cd4-ff5b0aef991b.js https://connect.facebook.net/en_US/fbevents.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://siteintercept.qualtrics.com/dxjsmodule/11.94e7d7f0c6a48ca94c06.chunk.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://us-content.vergic.com/C684836E-2833-4669-875F-C54261C28192/engage.js https://www.google-analytics.com/analytics.js https://www.google.com
Source: chromecache_62.1.dr String found in binary or memory: http://account.aicpa.org/eWeb
Source: chromecache_62.1.dr String found in binary or memory: http://blog.aicpa.org/
Source: chromecache_62.1.dr String found in binary or memory: http://ogp.me/ns#
Source: chromecache_62.1.dr String found in binary or memory: http://ogp.me/ns/article#
Source: chromecache_62.1.dr String found in binary or memory: http://www.aicpa.org/
Source: chromecache_62.1.dr String found in binary or memory: http://www.aicpa.org/BecomeACPA/CPAExam
Source: chromecache_62.1.dr String found in binary or memory: http://www.aicpa.org/InterestAreas/FRC
Source: chromecache_62.1.dr String found in binary or memory: http://www.aicpa.org/InterestAreas/Tax
Source: chromecache_62.1.dr String found in binary or memory: http://www.aicpa.org/Membership
Source: chromecache_62.1.dr String found in binary or memory: https://account.aicpa.org/eWeb
Source: chromecache_62.1.dr String found in binary or memory: https://account.aicpa.org/eweb/dynamicpage.aspx?webcode=CreateAccountCheck&RedirectURL=https://us.ai
Source: chromecache_62.1.dr String found in binary or memory: https://aicpa.ugc.bazaarvoice.com/static/8502-en_us/bvapi.js&quot;
Source: chromecache_62.1.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_62.1.dr String found in binary or memory: https://assets.adobedtm.com/3e79a7f00488/04f604fda4ad/launch-4dd043aa3d36.min.js
Source: chromecache_62.1.dr String found in binary or memory: https://certificates.aicpastore.com/
Source: chromecache_62.1.dr String found in binary or memory: https://certificates.aicpastore.com/accounting-and-auditing
Source: chromecache_62.1.dr String found in binary or memory: https://certificates.aicpastore.com/forensic-and-valuation-services
Source: chromecache_62.1.dr String found in binary or memory: https://certificates.aicpastore.com/risk-management-and-internal-control
Source: chromecache_62.1.dr String found in binary or memory: https://certificates.aicpastore.com/tax-and-life-planning
Source: chromecache_62.1.dr String found in binary or memory: https://certificates.aicpastore.com/technology
Source: chromecache_62.1.dr String found in binary or memory: https://competency.aicpa.org/
Source: chromecache_62.1.dr String found in binary or memory: https://cpapowered.org/
Source: chromecache_62.1.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: chromecache_62.1.dr String found in binary or memory: https://future.aicpa.org/about/help
Source: chromecache_62.1.dr String found in binary or memory: https://future.aicpa.org/about/refund-policy
Source: chromecache_62.1.dr String found in binary or memory: https://future.aicpa.org/cpe-learning
Source: chromecache_62.1.dr String found in binary or memory: https://future.aicpa.org/cpe-learning/course/cpexpress
Source: chromecache_62.1.dr String found in binary or memory: https://future.aicpa.org/cpe-learning/webcast/annual-webcast-pass
Source: chromecache_62.1.dr String found in binary or memory: https://login.aicpa.org/ForgotPassword
Source: chromecache_62.1.dr String found in binary or memory: https://mycareer.aicpa-cima.com/jobs/north-america/?utm_source=aicpa&utm_medium=website&utm_campaign
Source: chromecache_62.1.dr String found in binary or memory: https://prima.aicpa.org/
Source: chromecache_62.1.dr String found in binary or memory: https://salary.aicpaglobal.com/
Source: chromecache_62.1.dr String found in binary or memory: https://secureaicpa.okta.com
Source: chromecache_61.1.dr, downloaded.pdf.crdownload.0.dr String found in binary or memory: https://strgnfibcom.blob.core.windows.net/nfibcom/Banking-Survey-2023-Part-II.pdf)
Source: chromecache_62.1.dr String found in binary or memory: https://us-content.vergic.com
Source: chromecache_61.1.dr, downloaded.pdf.crdownload.0.dr String found in binary or memory: https://us.aicpa.org/content/dam/aicpa/advocacy/tax/downloadabledocuments/2013.04.11-report-on-civil
Source: downloaded.pdf.crdownload.0.dr String found in binary or memory: https://us.aicpa.org/content/dam/aicpa/advocacy/tax/downloadabledocuments/tax-policy-concept-stateme
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa-cima.com/disruption.html
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa-cima.com/resources/download/aicpa-ssaes-currently-effective
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa-cima.com/resources/download/aicpa-ssarss-currently-effective
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa-cima.com/resources/download/aicpa-statements-on-auditing-standards-currently-effec
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa-cima.com/resources/landing/asb-auditing-standards-board
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa-cima.com/resources/landing/press-center
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa-cima.com/search?category=news&sortBy=newest-first
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa-cima.com/topic/technology
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/404.html
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/account/cart
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/account/purchases
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/category/cpe-learning/financial-planning
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/accounting-reporting
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/audit-assurance
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/certificate-program
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/conference
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/course
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/ethics
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/forensic-services
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/government
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/not-for-profit
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/publication
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/tax
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/cpe-learning/webcast-conference
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/membership/join.html
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/resources/landing/press-center
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/search/
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/search/?category=cpe-learning
Source: chromecache_62.1.dr String found in binary or memory: https://www.aicpa.org/search/webcast
Source: chromecache_62.1.dr String found in binary or memory: https://www.cgma.org
Source: chromecache_62.1.dr String found in binary or memory: https://www.evolutionofcpa.org/
Source: chromecache_61.1.dr, downloaded.pdf.crdownload.0.dr String found in binary or memory: https://www.federalregister.gov/documents/2023/09/28/2023-21226/beneficial-ownership-information-rep
Source: chromecache_61.1.dr, downloaded.pdf.crdownload.0.dr String found in binary or memory: https://www.fincen.gov/beneficial-ownership-information-reporting-rule-fact-sheet)
Source: chromecache_61.1.dr, downloaded.pdf.crdownload.0.dr String found in binary or memory: https://www.fincen.gov/boi-faqs)
Source: chromecache_62.1.dr String found in binary or memory: https://www.fm-magazine.com/
Source: chromecache_62.1.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=AW-1072239920
Source: chromecache_62.1.dr String found in binary or memory: https://www.journalofaccountancy.com/
Source: chromecache_61.1.dr, downloaded.pdf.crdownload.0.dr String found in binary or memory: https://www.justice.gov/archives/jm/criminal-resource-manual-910-knowingly-and-willfully#:~:text=An%
Source: chromecache_62.1.dr String found in binary or memory: https://www.thetaxadviser.com/
Source: chromecache_62.1.dr String found in binary or memory: https://www.thiswaytocpa.com/
Source: chromecache_62.1.dr String found in binary or memory: https://www.thiswaytocpa.com/education/
Source: chromecache_62.1.dr String found in binary or memory: https://www.thiswaytocpa.com/segmented-landing/distinguished-achievement-in-accounting/
Source: chromecache_62.1.dr String found in binary or memory: https://www.thiswaytocpa.com/segmented-landing/recruitment/
Source: chromecache_62.1.dr String found in binary or memory: https://www.thiswaytocpa.com/work-experience/plan-career/
Source: chromecache_62.1.dr String found in binary or memory: https://www.youtube.com/user/AICPAMultiMedia
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.29.15:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: classification engine Classification label: clean1.win@19/13@4/4
Source: chromecache_61.1.dr Initial sample: https://strgnfibcom.blob.core.windows.net/nfibcom/Banking-Survey-2023-Part-II.pdf
Source: chromecache_61.1.dr Initial sample: https://strgnfibcom.blob.core.windows.net/nfibcom/banking-survey-2023-part-ii.pdf
Source: chromecache_61.1.dr Initial sample: https://www.justice.gov/archives/jm/criminal-resource-manual-910-knowingly-and-willfully#:~:text=An%20act%20is%20done%20%22willfully,Gregg%2C%20612%20F
Source: chromecache_61.1.dr Initial sample: https://www.justice.gov/archives/jm/criminal-resource-manual-910-knowingly-and-willfully#:~:text=an%20act%20is%20done%20%22willfully,gregg%2c%20612%20f
Source: chromecache_61.1.dr Initial sample: https://us.aicpa.org/content/dam/aicpa/advocacy/tax/downloadabledocuments/2013.04.11-report-on-civil-tax-penalties-the-need-for-reform.pdf
Source: chromecache_61.1.dr Initial sample: mailto:Melanie.Lauridsen@aicpa-cima.com
Source: chromecache_61.1.dr Initial sample: https://www.fincen.gov/boi-faqs
Source: chromecache_61.1.dr Initial sample: https://www.fincen.gov/beneficial-ownership-information-reporting-rule-fact-sheet
Source: chromecache_61.1.dr Initial sample: mailto:Kate.Kiley@aicpa-cima.com
Source: chromecache_61.1.dr Initial sample: https://www.federalregister.gov/documents/2023/09/28/2023-21226/beneficial-ownership-information-reporting-deadline-extension-for-reporting-companies-created-or#print
Source: chromecache_61.1.dr Initial sample: https://us.aicpa.org/content/dam/aicpa/advocacy/tax/downloadabledocuments/tax-policy-concept-statement-no-1-global.pdf
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\9c0d67a3-6f07-4025-aeff-2f08c8df9164.tmp Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://us.aicpa.org/content/dam/aicpa/advocacy/tax/downloadabledocuments/2023/boi-comments-on-proposed-90-day-extension-final.pdf
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2024,i,11191498385787339962,9289795739749909594,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2024,i,11191498385787339962,9289795739749909594,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 61
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 61 Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1428803 URL: https://us.aicpa.org/conten... Startdate: 19/04/2024 Architecture: WINDOWS Score: 1 5 chrome.exe 20 2->5         started        dnsIp3 11 192.168.2.16, 138, 443, 49696 unknown unknown 5->11 13 239.255.255.250 unknown Reserved 5->13 8 chrome.exe 5->8         started        process4 dnsIp5 15 www.google.com 172.253.124.103, 443, 49702, 49717 GOOGLEUS United States 8->15 17 aicpa-prod65-b70-832114268.us-east-1.elb.amazonaws.com 23.21.70.52, 443, 49696, 49699 AMAZON-AESUS United States 8->17 19 us.aicpa.org 8->19
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
23.21.70.52
 aicpa-prod65-b70-832114268.us-east-1.elb.amazonaws.com United States
14618 AMAZON-AESUS false
239.255.255.250
 unknown Reserved
unknown unknown false
172.253.124.103
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.16

Contacted Domains

Name IP Active
www.google.com 172.253.124.103 true
aicpa-prod65-b70-832114268.us-east-1.elb.amazonaws.com 23.21.70.52 true
us.aicpa.org unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://us.aicpa.org/favicon.ico false
    		high
    https://us.aicpa.org/content/dam/aicpa/advocacy/tax/downloadabledocuments/2023/boi-comments-on-proposed-90-day-extension-final.pdf false
      		high
      file:///C:/Users/user/Downloads/downloaded.pdf false
        		low