Click to jump to signature section
Source: https://iexeuniversidad.com/portal.html | SlashNext: Label: Credential Stealing type: Phishing & Social Engineering |
Source: https://iexeuniversidad.com/favicon.ico | Avira URL Cloud: Label: phishing |
Source: https://iexeuniversidad.com | LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://iexeuniversidad.com' does not match the legitimate domain 'microsoft.com' associated with the Microsoft brand. The webpage displays a login form asking for email and password, which is a common tactic in phishing attacks. The domain name 'iexeuniversidad.com' appears unrelated to Microsoft, raising suspicion. The use of the Microsoft logo and branding on an unrelated domain is a social engineering technique aimed at misleading users. There is no CAPTCHA present, which is often used on legitimate login pages for added security. Based on these factors, the site is highly likely to be a phishing site. DOM: 0.0.pages.csv |
Source: https://iexeuniversidad.com/portal.html | Matcher: Found strong image similarity, brand: MICROSOFT |
Source: https://iexeuniversidad.com/portal.html | Matcher: Template: microsoft matched |
Source: https://iexeuniversidad.com/portal.html | HTTP Parser: Number of links: 0 |
Source: https://iexeuniversidad.com/portal.html | HTTP Parser: Title: Continue does not match URL |
Source: https://iexeuniversidad.com/portal.html | HTTP Parser: Form action: ./execute.php |
Source: https://iexeuniversidad.com/portal.html | HTTP Parser: Form action: ./execute.php |
Source: https://iexeuniversidad.com/portal.html | HTTP Parser: <input type="password" .../> found |
Source: https://iexeuniversidad.com/portal.html | HTTP Parser: No <meta name="author".. found |
Source: https://iexeuniversidad.com/portal.html | HTTP Parser: No <meta name="copyright".. found |
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49753 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49756 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49771 version: TLS 1.2 |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive |
Source: Joe Sandbox View | IP Address: 13.107.246.67 13.107.246.67 |
Source: Joe Sandbox View | IP Address: 13.107.246.45 13.107.246.45 |
Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250 |
Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 96.6.160.143 |
Source: unknown | TCP traffic detected without corresponding DNS query: 96.6.160.143 |
Source: unknown | TCP traffic detected without corresponding DNS query: 96.6.160.143 |
Source: unknown | TCP traffic detected without corresponding DNS query: 96.6.160.143 |
Source: unknown | TCP traffic detected without corresponding DNS query: 96.6.160.143 |
Source: unknown | TCP traffic detected without corresponding DNS query: 96.6.160.143 |
Source: unknown | TCP traffic detected without corresponding DNS query: 96.6.160.143 |
Source: unknown | TCP traffic detected without corresponding DNS query: 96.6.160.143 |
Source: unknown | TCP traffic detected without corresponding DNS query: 96.6.160.143 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.85.23.86 |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /bf8XxK HTTP/1.1Host: qrco.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /portal.html HTTP/1.1Host: iexeuniversidad.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://iexeuniversidad.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /ulp/react-components/1.87.4/css/main.cdn.min.css HTTP/1.1Host: cdn.auth0.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://iexeuniversidad.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Fl2pNcymfwyN9UW&MD=KLZbXtzN HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /fonts/FKGroteskNeue.woff HTTP/1.1Host: resources.messari.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://iexeuniversidad.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://iexeuniversidad.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT |
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iexeuniversidad.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://iexeuniversidad.com/portal.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iexeuniversidad.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Fl2pNcymfwyN9UW&MD=KLZbXtzN HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic | DNS traffic detected: DNS query: qrco.de |
Source: global traffic | DNS traffic detected: DNS query: iexeuniversidad.com |
Source: global traffic | DNS traffic detected: DNS query: cdn.auth0.com |
Source: global traffic | DNS traffic detected: DNS query: www.google.com |
Source: global traffic | DNS traffic detected: DNS query: resources.messari.io |
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.1.dr | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c |
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: chromecache_175.5.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef. |
Source: chromecache_175.5.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9. |
Source: chromecache_175.5.dr | String found in binary or memory: https://cdn.auth0.com/ulp/react-components/1.87.4/css/main.cdn.min.css |
Source: chromecache_175.5.dr | String found in binary or memory: https://resources.messari.io/fonts/FKGroteskNeue.woff |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764 |
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763 |
Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757 |
Source: unknown | Network traffic detected: HTTP traffic on port 49755 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49755 |
Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49753 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49672 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770 |
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747 |
Source: unknown | Network traffic detected: HTTP traffic on port 49756 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745 |
Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443 |
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49753 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49756 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49771 version: TLS 1.2 |
Source: classification engine | Classification label: mal68.phis.winPDF@29/59@12/11 |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-11 14-00-29-270.log | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA | Jump to behavior |
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ACH Electronic Remittance Reciept.pdf" | |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 | |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1640,i,14712021949428459927,10776584995888633118,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 | |
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://qrco.de/bf8XxK | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=2264,i,5115585336318407760,10633538412966993992,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1640,i,14712021949428459927,10776584995888633118,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=2264,i,5115585336318407760,10633538412966993992,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: ACH Electronic Remittance Reciept.pdf | Initial sample: PDF keyword /JS count = 0 |
Source: ACH Electronic Remittance Reciept.pdf | Initial sample: PDF keyword /JavaScript count = 0 |
Source: A91mbgqbr_1ig89w2_530.tmp.0.dr | Initial sample: PDF keyword /JS count = 0 |
Source: A91mbgqbr_1ig89w2_530.tmp.0.dr | Initial sample: PDF keyword /JavaScript count = 0 |
Source: ACH Electronic Remittance Reciept.pdf | Initial sample: PDF keyword stream count = 32 |
Source: ACH Electronic Remittance Reciept.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0 |
Source: PDF shot | LLM: Score: 9 Reasons: The PDF contains a visually prominent QR code with a 'SCAN ME' button, which encourages the user to scan it with their smartphone. The text 'SCAN QR CODE WITH YOUR SMART PHONE CAMERA TO OPEN SENSITIVE DOCUMENT' creates a sense of urgency and interest. The document impersonates a well-known brand, 'Microsoft Authenticator,' which adds to its credibility and potential to mislead users. The combination of urgency, interest, and brand impersonation significantly increases the risk of phishing or malware distribution. |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation | Jump to behavior |