Windows Analysis Report
Remittance_TSF240305.pdf

Overview

General Information

Sample name:	Remittance_TSF240305.pdf
Analysis ID:	1431494
MD5:	179cde1ce8b83ddd17d152610f0a5762
SHA1:	a117b695cf5594d16045e02134ffca57a8b89b91
SHA256:	ae0f8bd85674c9d389b3393f50d537f5bd460c0be24e178dbd9ab859b1e74ee4

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Phishing site detected (based on image similarity)

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

Phishing site detected (based on favicon image match)

Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 3.8.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Found iframes

Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx

HTML body contains low number of good links

Source: https://login.technicfloor.co.uk/?auth=2	HTTP Parser: Number of links: 0
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: Number of links: 1

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n6kd8/0x4AAAAAAAYAT8XsNu5U2Bt5/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n6kd8/0x4AAAAAAAYAT8XsNu5U2Bt5/auto/normal

HTML title does not match URL

Source: https://login.technicfloor.co.uk/?auth=2	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: http://lloyds.technicfloor.co.uk/verify	HTTP Parser: No favicon
Source: http://lloyds.technicfloor.co.uk/verify	HTTP Parser: No favicon
Source: http://lloyds.technicfloor.co.uk/verify	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n6kd8/0x4AAAAAAAYAT8XsNu5U2Bt5/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n6kd8/0x4AAAAAAAYAT8XsNu5U2Bt5/auto/normal	HTTP Parser: No favicon
Source: https://login.technicfloor.co.uk/?auth=2	HTTP Parser: No favicon
Source: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx	HTTP Parser: No favicon

Source: https://login.technicfloor.co.uk/?auth=2	HTTP Parser: No <meta name="author".. found
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.technicfloor.co.uk/?auth=2	HTTP Parser: No <meta name="copyright".. found
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49760 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /verify HTTP/1.1Host: lloyds.technicfloor.co.ukConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: Gndj=f5c8fb923db656e0fa5e57c194b1a6464cd359c909e75c758e6520b188596651
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: lloyds.technicfloor.co.ukConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://lloyds.technicfloor.co.uk/verifyAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: Gndj=f5c8fb923db656e0fa5e57c194b1a6464cd359c909e75c758e6520b188596651

Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: md-in-63.webhostbox.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.technicfloor.co.uk
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: portal.microsoftonline.com

Source: unknown

HTTP traffic detected: POST /verify HTTP/1.1Host: lloyds.technicfloor.co.ukConnection: keep-aliveContent-Length: 596Cache-Control: max-age=0Upgrade-Insecure-Requests: 1Origin: http://lloyds.technicfloor.co.ukContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://lloyds.technicfloor.co.uk/verifyAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: Gndj=f5c8fb923db656e0fa5e57c194b1a6464cd359c909e75c758e6520b188596651Data Raw: 63 66 2d 74 75 72 6e 73 74 69 6c 65 2d 72 65 73 70 6f 6e 73 65 3d 30 2e 63 45 63 41 34 4e 4b 4c 47 65 79 6c 56 6c 75 34 71 54 35 6c 73 70 69 41 37 48 4a 56 44 78 4e 42 35 45 46 67 38 62 67 72 47 6b 48 47 54 36 32 51 68 49 7a 6b 5a 5a 37 57 68 72 56 4d 52 70 6c 7a 45 30 47 62 44 4c 73 72 54 62 5f 59 72 50 56 75 51 46 4d 73 6c 6c 72 33 63 4f 33 62 5a 48 4f 7a 49 54 56 49 70 62 59 68 4e 4a 63 6f 57 6c 67 4e 4f 38 39 2d 36 4d 32 48 64 46 37 57 5a 30 56 58 69 4d 6a 65 6e 32 33 38 78 44 39 62 58 79 78 69 37 5f 38 34 5f 75 50 45 30 74 50 7a 6a 79 65 73 2d 68 77 4f 63 62 78 73 32 64 65 72 35 34 71 34 52 73 4c 44 5a 62 54 4c 31 45 36 35 53 4f 6a 73 56 6c 31 46 7a 45 54 31 6b 58 58 47 44 67 30 6a 75 64 68 46 55 73 61 75 63 45 4a 4e 6f 6f 31 35 68 34 77 64 31 72 44 56 71 6c 76 66 70 6d 4b 69 43 56 38 34 74 54 77 41 30 36 41 45 49 4e 5f 72 51 6f 73 58 50 36 2d 2d 5f 4c 32 30 64 68 68 59 6b 6c 76 45 58 62 52 75 70 35 45 51 34 54 4f 54 64 70 72 68 73 55 58 4a 77 4a 70 56 36 72 64 54 37 4a 64 6d 2d 41 70 49 6b 69 78 43 72 7a 76 6d 4b 52 75 73 59 55 2d 57 68 6b 31 34 48 5f 72 77 59 67 54 77 59 61 5f 43 73 48 64 64 4b 67 63 2d 53 35 79 44 66 6d 32 37 36 4d 7a 4f 57 46 59 70 76 35 39 72 67 4e 54 39 4a 56 69 55 78 52 74 65 4b 35 6e 6d 4b 68 4d 57 33 54 57 4e 42 33 65 54 51 48 61 33 64 79 75 54 38 6d 39 4b 44 6b 5a 66 39 74 6e 52 6b 75 66 77 63 49 77 55 30 5a 50 68 79 44 7a 6f 32 4a 4e 78 75 47 59 5f 71 43 4a 54 71 6d 2d 49 4c 55 2d 31 4a 79 64 32 5f 35 31 54 36 33 74 6c 45 67 2e 6d 76 66 6f 50 62 48 31 68 62 77 62 74 58 63 50 52 69 56 53 39 67 2e 34 35 39 35 35 65 64 35 39 31 35 38 37 35 37 39 35 32 34 32 34 34 32 39 62 39 33 34 62 33 31 66 65 33 61 64 38 32 66 31 38 64 62 32 62 39 33 30 36 38 64 66 64 39 38 33 63 35 64 33 35 33 31 32 26 62 75 74 74 6f 6e 3d 53 75 62 6d 69 74 Data Ascii: cf-turnstile-response=0.cEcA4NKLGeylVlu4qT5lspiA7HJVDxNB5EFg8bgrGkHGT62QhIzkZZ7WhrVMRplzE0GbDLsrTb_YrPVuQFMsllr3cO3bZHOzITVIpbYhNJcoWlgNO89-6M2HdF7WZ0VXiMjen238xD9bXyxi7_84_uPE0tPzjyes-hwOcbxs2der54q4RsLDZbTL1E65SOjsVl1FzET1kXXGDg0judhFUsaucEJNoo15h4wd1rDVqlvfpmKiCV84tTwA06AEIN_rQosXP6--_L20dhhYklvEXbRup5EQ4TOTdprhsUXJwJpV6rdT7Jdm-ApIkixCrzvmKRusYU-Whk14H_rwYgTwYa_CsHddKgc-S5yDfm276MzOWFYpv59rgNT9JViUxRteK5nmKhMW3TWNB3eTQHa3dyuT8m9KDkZf9tnRkufwcIwU0ZPhyDzo2JNxuGY_qCJTqm-I

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49760 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.winPDF@36/59@18/50

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6284

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 10-24-41-833.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Remittance_TSF240305.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1576,i,17072586895104793138,11765033316993772074,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 2E602F9B9A6B4D16B6B6174FFB725BB6
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://lloyds.technicfloor.co.uk/remittance
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1944,i,17391167817581420283,7903985191963585467,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1576,i,17072586895104793138,11765033316993772074,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://lloyds.technicfloor.co.uk/remittance
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1944,i,17391167817581420283,7903985191963585467,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Remittance_TSF240305.pdf	Initial sample: PDF keyword /JS count = 0
Source: Remittance_TSF240305.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Remittance_TSF240305.pdf

Initial sample: PDF keyword stream count = 93

Source: Remittance_TSF240305.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Remittance_TSF240305.pdf

Initial sample: PDF keyword obj count = 95

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.138.147	www.google.com	United States	15169	GOOGLEUS	false
13.107.6.156	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
74.125.136.84	unknown	United States	15169	GOOGLEUS	false
142.250.105.95	unknown	United States	15169	GOOGLEUS	false
40.126.28.14	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
23.54.200.159	unknown	United States	16625	AKAMAI-ASUS	false
159.89.230.189	login.technicfloor.co.uk	United States	14061	DIGITALOCEAN-ASNUS	false
104.17.3.184	unknown	United States	13335	CLOUDFLARENETUS	false
64.233.177.139	unknown	United States	15169	GOOGLEUS	false
45.113.122.178	md-in-63.webhostbox.net	India	394695	PUBLIC-DOMAIN-REGISTRYUS	false
23.216.72.131	unknown	United States	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.5.13.197	unknown	United States	14618	AMAZON-AESUS	false
64.233.185.94	unknown	United States	15169	GOOGLEUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
login.technicfloor.co.uk	159.89.230.189	true
cs1100.wpc.omegacdn.net	152.199.4.44	true
md-in-63.webhostbox.net	45.113.122.178	true
challenges.cloudflare.com	104.17.2.184	true
www.google.com	74.125.138.147	true
part-0012.t-0009.t-msedge.net	13.107.246.40	true
portal.microsoftonline.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n6kd8/0x4AAAAAAAYAT8XsNu5U2Bt5/auto/normal	false		high
http://lloyds.technicfloor.co.uk/favicon.ico	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://lloyds.technicfloor.co.uk/verify	false		unknown
https://login.technicfloor.co.uk/?auth=2&sso_reload=true	true		unknown
https://login.technicfloor.co.uk/?auth=2	false		unknown
https://portal.microsoftonline.com/Prefetch/Prefetch.aspx	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	104EF33D3FF5B515EE4D9600D66BCFB2	0BF4C7936FA9F55A1270E5CBE8AB386D097BD252	81A253CFB4134D250B3BBF49FD72137D97A29639CCF838EAAD8B1D6AC1F9AAA4
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG	ASCII text	96A65E0D33B09ADF04876A3175A29126	7FC654D80349177932E6F3602188CD7F2312A90E	FFB4B4D55091329067993457B2CE5F615804FCE4F2A08A1AC01C765DDAF1E130
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\7e499c8f-cdb3-45ae-a2b4-747d31c1708a.tmp	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log	data	D047216FBA30817BDB544B6B5EBA2689	3118A84A233E4C164922245FA60BE28D52CDC864	AC1C5F8DE25B4483254DD2D526BB7B9A660177105710E187845A9B9D801760C0
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG	ASCII text	B5251843BE0528BF96D64FA10183C8B6	A500EA189CDB115000BAF7B99E6C1E9727A34B71	DF6EA068E23C230D4CCF9706C7AAC36421CBC3045B4CDD23F6FAE7C7D8B98617
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425082443Z-166.bmp	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54	67F827823E3CA58EE7919510508E78F3	4CC1FBFF2F8E90F7D672A1502747D73A149A9F47	5B57E8CD281445DAAC6144C71414C576D66DCAED4BA4C6D721F37B26A633199D
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2	A4D5FECEFE05F21D6F81ACF4D9A788CF	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	CF5193751129F43BCE200E68C6214419	05F9A7AFA641670570C47B10371ED3500414BE8D	B8DD97054332C3E8565D45217BB3B452410AF8FA267C41C54C2CF3C3DC2E1A89
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6284	PostScript document text	94185C5850C26B3C6FC24ABC385CDA58	42F042285037B0C35BC4226D387F88C770AB5CAA	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)	PostScript document text	94185C5850C26B3C6FC24ABC385CDA58	42F042285037B0C35BC4226D387F88C770AB5CAA	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID	JSON data	EA37DC639793F3E311B301EB95696DB4	89DE6E89E8D480EB015B596169728AF065B87100	75ABB77C2FE43E5804D8E3E05BAFD2365FA6252281375043BAF401A552B6F400
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface	JSON data	EA6E79F5CD28E156BA1153F80342BE3C	DDDD1DDE93688010FC2EF7AF484287079F50AA66	60C191EEA10BF4AAF015F218E4AA106B18E74741B087FC066C4D4CBF4D20F51A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface	JSON data	DD54E1529EBC6B99C47D42AB93AD0D24	4C0BE25494A75E0178AC00550BFD7FF2B5A57A34	9656252469D84309D91C0CB8DF5C060A349A46AC85BD42EECC42B3CCE58BB0FA
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD	JSON data	552B293A27475206FB89AD9D4E20B3DD	8CF5CB213C318C24A90F378909B70A42FC5EC9D8	23FD620B7460B07AF9F2C1E3CBDC6A8EB72208AE2ECE654EA78810737335CA58
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner	JSON data	DE091BFF981EB196A51F0F4A64AF48AB	051C7F3BAF32DA1661840D3A996646D6B57AF1BA	0BB190DF01D706D31694C8D2133B856BC0C6173484073095834846EBABBABBDC
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner	JSON data	E09A5A4FDC8A21DAA997040B1C848EF5	FEA88108F897877C195FA0EA7C2D85F667701624	35FF59A0409FEA079A175CA09ABD7152C41D17DC607B578D57A3D9F0DAFC8F46
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention	JSON data	35D8F1361D7B2A6A8C8E06B9501EC829	A16290C100143F772F603D8EFE76F33B752A6C38	66358E70CA92C3BB98ABFBB9754ED14E993579FABDB33A877B51234F7B5B3B10
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner	JSON data	2C18AAB63350DF673693E245E29FE974	ECF048AB39FB523B7ED537F033C0F27796A4F41B	ED5C81769CE14C55860CE10BCF78554FCD55A4210D5D77A9E6BDA8E8B0132075
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner	JSON data	672CED48B010F6A773E26D8359F4637C	55ED703607FBCDA9C660885D8C374E7248340122	1B09F6B4CB71C6DD8C65D48B518164FC4C339B1D8F2BCC1D9A0FFF708944ECA4
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner	JSON data	F53045E5CAEB43C3495B9F0B8BC7EA80	69B4C7EA1424B1AEBF1CC40592D641AB0235FB7E	9D76929FC36590E0AE6BDC445DF97AB7C4F8AE882015A319FF2096E377162ED7
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner	JSON data	9F8D5F9076DC4C431EF4834C2AF77115	E5E64F430FE3C37B2CD0EC4E9A7DA708A68D6A91	43A14BEC8A06164E584DC7B329617A12D896B7192057A491CC8AC11BA2DE48D3
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner	JSON data	A74AB2FB99A9C980D38051135AA692BD	EFC92D96836010A7D13F75350C242213241D9200	4603D1A5B94790638635B2222E44899997439AAA5108209A3AFEEB734FE13C54
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention	JSON data	A1D3119D25A9994CD8F02617E3D2A560	5C550698140266930F53A97EF85A92EA29DC3EFE	B66CE9AD304C4594E4E14F7286BA07EBAB8D89B0CFC44739BFF0C37247A9C320
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner	JSON data	EA21BCBBA03559547184FBCDA6EA1186	744CDA643ACF7287E416AB40751B980030B38029	0DE8B5B8BA5932D09A087BB29ADB40D1830CD3A227BD1697EE9719FE93F3D216
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards	JSON data	4DD2BF10BD69172195E51A1374D53B94	B5BBC0370686C937ADF486DE648D3ECFC1D4C62C	FFB52955310F89D3A5BBFC07BD8E145B71856B17C1355A60797FD2C6E3686E8D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020	JSON data	D8573D192334CA4AE674430E66E2DF6E	F9D69602DCEFC94D50599C4CC21720B8AA017CD8	A813A08F5A1F2487EE07B520E64CFF65153F4D344FC594DD9D7FF9EB84AE384D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json	JSON data	50324E3B7F35B136237C919C4B8DBF8A	C3A8694C359C18A7F58A9AF1F125B5D806C0D778	0ABBC18E8477C787B3362E24759BF522C755A3869E4D27B082B49ECFC3F32C5C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19	07E61C1DBEAD5797F0AFD5ED5F2E0D54	F49EE501F6BC945F26B931C8976E51C2F3E8A058	0DFB51C3852DF5B9212D08787698F95B31913C20EDA0AA19318107AA9C1451E9
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal	SQLite Rollback Journal	AEC8CE2B948A442EBDBDC0E853AE26BE	4E58D667D3C63066CCAF5F7EE34E9562C2CDBF87	ED76E702ED9EBB75832A791F8777ABEE0F3CDCDA9FB539FD559A318F697F42E5
C:\Users\user\AppData\Local\Temp\MSIa7a08.LOG	Unicode text, UTF-16, little-endian text, with CRLF line terminators	0012D9A9710F9D23A14381ACB9635011	678E334C82F31061DDCD9C45409FC01667841A89	50D8F23A186BDAFA48DD1D43B15FB05307834C32D09F2CDF83BF83B8891186B2
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 10-24-41-833.log	ASCII text, with very long lines (393)	91F06491552FC977E9E8AF47786EE7C1	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log	ASCII text, with very long lines (393), with CRLF line terminators	D0FB97AF3F525E92B6BD591CE587090F	3E9DF020A538772E5F252A4B54CCDC83B31D7B4F	9AC9C8663B1289D2D9F9722BD6FDBC091BDE931F7E5FCBF1EC35D08C1A49D63E
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt	ASCII text, with CRLF line terminators	2BA2F49F2DCFF0AD34508FAC801CC04E	C90EB5664225E1E44A2C3A7F5700E86D1E9C13B6	FFE6E62B1053DE44DC04EB95AE317C132820DC4351DDEC3391700C52B6434CB5
C:\Users\user\AppData\Local\Temp\acrocef_low\1eaae1a5-6fd2-4c56-b724-785562aff9bd.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538	BC2B4B8EFC05ACC59FBE8E09760D53DC	621852ED2EE8264AAC1B25DBABDD6692C44429CE	2375BBCC12DC3ECDFAEDA891AD37689377C73FEB8E52AB4520D93CF116D20646
C:\Users\user\AppData\Local\Temp\acrocef_low\617416de-3269-4602-9dea-bffdbb2d453d.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081	1D64D25345DD73F100517644279994E6	DE807F82098D469302955DCBE1A963CD6E887737	0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
C:\Users\user\AppData\Local\Temp\acrocef_low\d636e04c-f3e3-4a6e-b38e-e3fbb5dcb833.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142	41EF2DA482E9E37E9F44C763CA22D091	CEDE4E555D41EA8577A66D77E8CBF84ADFFB9839	14411719CA954470A6603FF9DBE057D7D3396594BD57662C91CA8D21ED302896
C:\Users\user\AppData\Local\Temp\acrocef_low\f9d32faa-f186-48ca-b58d-0001b67ed7c2.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022	5C48B0AD2FEF800949466AE872E1F1E2	337D617AE142815EDDACB48484628C1F16692A2F	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 07:24:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	3750C3DE2426FA1026EBF5690D77C42A	4CF8E24291BDDECFD176F1AB6B51B64B1520EF27	6BA6C0E0CCA4BD6B0D86D1243951A92DC3D16CEC565D3241AA943E0FBF8AD0F3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 07:24:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	883CA4627F8B885EBF65325C14386B31	888C8100DF41B7C4B35834C8A1DFC5F99D525E77	30941CEE1BD047B130DF8EE3DC6CCF7B3FC5409BE99D74F64B69B58A4980BEA5
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	EE9045D52E2122BB9C9FDE93824F2D67	451AE4F6FE0352CADC8C3D15BFFF4854C341A2F7	82FB6681EE7FE132950EEB991D6FFD3BEA4C43E9E9A898D1DDE5F98B64AFFBD3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 07:24:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	AAC0546586FAFC0043C09BA0F47B6B74	745D88BDFAF55881ED65C5DE4B6DD6459C760C6E	2BFF49163AFDD78FDC33E96B45A3BB7956B7827CBAC2109F3A91274F5B328342
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 07:24:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	7A639B8BCB7EE5DEC0E1B1A456545AA4	7A02195E6A7B8A5B566629691E8D0437DD10BF54	E65600E42DD82CBFFB6DB34C9EA9F455DB877FD60C212C4E8241701906FC3289
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 07:24:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	AFF6897A7610DC75C272BD865657F210	5B6F787E552F71BB755974ACA57223E6CE468CD8	62C8539A305ECE1433D5E93738BD1CBEF13D0FA07B30C216285F6AF3276A4AB1
Chrome Cache Entry: 165	Unicode text, UTF-8 text, with very long lines (32153)	976055749170B7AF7B5F38AE857A56B2	E3D736B8BC648B97AA403A7283ED6985A6FCF6B2	190D2504B5C2EFE44DCE83474157D309A62DF8FA2B6BDF5D52B2CDDC1EB9E0D7
Chrome Cache Entry: 166	ASCII text, with no line terminators	9F9FA94F28FE0DE82BC8FD039A7BDB24	6FE91F82974BD5B101782941064BCB2AFDEB17D8	9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
Chrome Cache Entry: 167	HTML document, ASCII text	48536B78A008381582D4BCA29C48FB9A	21450F6D759E5082EF79FB5331317615BA9E7068	F1C26DE877C174694BC90D1FAA2F700F8314F16EDAEF3120A31FEDE930EF0613
Chrome Cache Entry: 168	ASCII text, with very long lines (43896)	5252837FFA272234E1CBF2D3D83EF32C	CAA4E48A54A2B1CA09327E42F24F6031FDF21CDA	DF2E852C347ECF82F70A0C8A4B91713FBB0914D58F2CBAB01316BFE646ABEE7C
Chrome Cache Entry: 170	PNG image data, 17 x 60, 8-bit/color RGB, non-interlaced	0F22C37BAFD6CD1D1911FF7434EB84F5	890A7B503AA4C00ED33FBC0473DF793DAAD03BE7	0A479D86D5C253C79626107FF4DF197E0706827F0F729DE0F1A3AF6C699F6A63
Chrome Cache Entry: 173	ASCII text, with very long lines (64612)	5B0E3778C74235B06DA49808DD8DF90A	AD25897B0870B81568412F55B19898E406CC11B3	7530B843A86F3155CE07CDA787A40DA87052664B09C22F3D4DB5E9238664DBE0
Chrome Cache Entry: 174	ASCII text, with very long lines (61177)	D62B4EDEB512B07ABEF4688E27ECDDE3	981A7825DA5E29938AB6FE0CBFE2DB622F7B8333	4B01A0A34CE8ED4BC8A8713BE0442D49DA6A756236B7B4424622CA3DEE820F41
Chrome Cache Entry: 175	ASCII text, with very long lines (45529)	1A0C9CD8426709A1C5AC8EB19013CB72	21FEB1E3BBEC4F6271D3FC68A71F928B86840810	D12F35509E7EBCD8AF368FAF23C490FDA08FA0CB21171AB6B60AE2468242E500
Chrome Cache Entry: 176	ASCII text, with very long lines (42414)	F94A2211CE789A95A7C67E8C660D63E8	F1FC19B6BCB96D0A905BF3192AAFF0885FF9F36F	926DC3302F99EC05E4206E965DDEB7250F5910A8C38E82C7BEAFB724BBAAF37B
Chrome Cache Entry: 177	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 180	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 181	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 183	ASCII text, with very long lines (64616)	8C74AB954A2C743D71C5B99C47F94C34	3FF62FDC7AD0AAA2D36EBA473DC28ECDD0F6D4E4	B449CE27BB6C0352DC780DBA81B4D323D4808DAEEE064DD934CEC65B67BE8D46
Chrome Cache Entry: 184	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 185	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 186	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators	E86EF8B6111E5FB1D1665BCDC90888C9	994BF7651CB967CD9053056AF2D69ACB74DB7F29	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458

Phishing

Phishing site detected (based on favicon image match)

Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 3.8.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Found iframes

Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx

HTML body contains low number of good links

Source: https://login.technicfloor.co.uk/?auth=2	HTTP Parser: Number of links: 0
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: Number of links: 1

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n6kd8/0x4AAAAAAAYAT8XsNu5U2Bt5/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n6kd8/0x4AAAAAAAYAT8XsNu5U2Bt5/auto/normal

HTML title does not match URL

Source: https://login.technicfloor.co.uk/?auth=2	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: http://lloyds.technicfloor.co.uk/verify	HTTP Parser: No favicon
Source: http://lloyds.technicfloor.co.uk/verify	HTTP Parser: No favicon
Source: http://lloyds.technicfloor.co.uk/verify	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n6kd8/0x4AAAAAAAYAT8XsNu5U2Bt5/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n6kd8/0x4AAAAAAAYAT8XsNu5U2Bt5/auto/normal	HTTP Parser: No favicon
Source: https://login.technicfloor.co.uk/?auth=2	HTTP Parser: No favicon
Source: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx	HTTP Parser: No favicon

Source: https://login.technicfloor.co.uk/?auth=2	HTTP Parser: No <meta name="author".. found
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.technicfloor.co.uk/?auth=2	HTTP Parser: No <meta name="copyright".. found
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.technicfloor.co.uk/?auth=2&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49760 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /verify HTTP/1.1Host: lloyds.technicfloor.co.ukConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: Gndj=f5c8fb923db656e0fa5e57c194b1a6464cd359c909e75c758e6520b188596651
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: lloyds.technicfloor.co.ukConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://lloyds.technicfloor.co.uk/verifyAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: Gndj=f5c8fb923db656e0fa5e57c194b1a6464cd359c909e75c758e6520b188596651

Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: md-in-63.webhostbox.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.technicfloor.co.uk
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: portal.microsoftonline.com

Source: unknown

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49760 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.winPDF@36/59@18/50

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6284

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 10-24-41-833.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Remittance_TSF240305.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1576,i,17072586895104793138,11765033316993772074,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 2E602F9B9A6B4D16B6B6174FFB725BB6
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://lloyds.technicfloor.co.uk/remittance
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1944,i,17391167817581420283,7903985191963585467,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1576,i,17072586895104793138,11765033316993772074,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://lloyds.technicfloor.co.uk/remittance
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1944,i,17391167817581420283,7903985191963585467,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Remittance_TSF240305.pdf	Initial sample: PDF keyword /JS count = 0
Source: Remittance_TSF240305.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Remittance_TSF240305.pdf

Initial sample: PDF keyword stream count = 93

Source: Remittance_TSF240305.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Remittance_TSF240305.pdf

Initial sample: PDF keyword obj count = 95

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

ID:	1431494
Product:	CloudBasic
Start time:	10:23:42
Start date:	25.04.2024
Sample:	Remittance_TSF240305.pdf
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	179cde1ce8b83ddd17d152610f0a5762
SHA1:	a117b695cf5594d16045e02134ffca57a8b89b91
SHA256:	ae0f8bd85674c9d389b3393f50d537f5bd460c0be24e178dbd9ab859b1e74ee4
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Windows Analysis Report
Remittance_TSF240305.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report Remittance_TSF240305.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
Remittance_TSF240305.pdf